Mozilla and Certificate Authorities

Posted Feb 12, 2012 12:38 UTC (Sun) by dark (guest, #8483)
In reply to: Mozilla and Certificate Authorities by lambda
Parent article: Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)

I recently started using Certificate Patrol (firefox add-on) and it notifies me whenever it accepts a new certificate and gives me a chance to inspect the details. After the first day I had all my usual sites in there so I'm mostly browsing without interruptions again.

Since I left all the CAs at their default, I can easily tell the difference between a site signed by a possibly-dodgy CA and one that doesn't have a valid signature at all. In the first case I get a notification from Certificate Patrol and I can reject it if it looks too odd for the site. In the second case I get the usual Firefox warning.

This is in addition to Certificate Patrol's main feature, which is to warn me if a site's certificate changes unexpectedly. The kind of snooping that's described in this article will make it look like many sites' certificates have changed and that will set off all the warning bells.

Maybe this approach will work for you too?