Web Security


The purpose of this addon is to give the end user a mechanism to evaluate the authenticity of a web site and the authenticity of web pages from that site, to give the web server a mechanism to authenticate the end user, and to give the end user and the web server an option to transport web content confidentially over HTTP. The specification can be downloaded from my website.

Without this addon, Firefox's identity box provides only the website authenticity information (with an EV certificate or not) and TLS. I am not satisfied with the identity box, so I propose 4 icons to replace it. The 4 icons are: website authenticity, confidential transportation, web content authenticity, and authorization to the web page.

My 4 icons give more information and can be understood much more easily by end users.

Furthermore, the authenticity can be based on either the X509 system or the OpenPGP system. Web content authenticity is achieved by adding 2 HTTP headers, Sig-X509 and Sig-GPG. This addon also provides PKI-based client authentication, so with it, no website should keep its users' passwords any more. The original purpose of this project is to get rid of passwords for all websites.

By the way, even for this web page, 4 websites (and hence 4 digital certificates) are involved, but Firefox tells you about only 1 of them. What are the rest? You can see them in image #2.

