LegacyCollector

Home | Legacy Firefox Extensions | Content Policy | Contact

Certificate Patrol

Author(s):



Your web browser trusts a lot of certification authorities and chained sub-authorities, and it does so blindly. "Subordinate or intermediate certification authorities" are a little known device: The root CAs in your browser can delegate permission to issue certificates to an unlimited amount of subordinate CAs (SCA) just by signing their certificate, not by borrowing their precious private key to them. You can even buy yourself such a CA from GeoTrust or elsewhere.

It is unclear how many intermediate certification authorities really exist, and yet each of them has "god-like power" to impersonate any https web site using a Man in the Middle (MITM) attack scenario. Researchers at Princeton are acknowledging this problem and recommending Certificate Patrol. Revealing the inner workings of X.509 to end users is still deemed too difficult, but only getting familiar with this will really help you get in control. That's why Certificate Patrol gives you insight of what is happening.

If you still think a MITM attack is unlikely to happen to you, read this user report.

Download files:

certificate-patrol-0.7.xpi
certificate-patrol-1.0.xpi
certificate-patrol-1.1.xpi
certificate-patrol-1.2.3.xpi
certificate-patrol-1.2.5.xpi
certificate-patrol-1.2.6.xpi
certificate-patrol-1.2.7.xpi
certificate-patrol-1.4.xpi
certificate-patrol-1.8.1.1-signed.1-signed.xpi
certificate-patrol-1.8.3.1-signed.1-signed.xpi
certificate-patrol-2.0.10.1-signed.1-signed.xpi
certificate-patrol-2.0.12.1-signed.1-signed.xpi
certificate-patrol-2.0.14.1-signed.1-signed.xpi
certificate-patrol-2.0.16.xpi
certificate-patrol-2.0.6.1-signed.1-signed.xpi
certificate-patrol-2.0.8.1-signed.1-signed.xpi




This page is part of the LegacyCollector website.
Disclaimer: All material on this site is property of their respective owners and available under
open licenses to the best of our knowledge. If you are an author and would like anything removed,
then please write an e-mail to legacy [at] collector dot org.