There has been a lot of talk recently questioning the trust authorities that underpin the SSL/TLS world. After a few high-profile incidents, it is clear that there is something wrong with this structure.

While some people have suggested that DNSSEC might solve this problem, here are three Firefox add-ons that can be used today to enhance the security of HTTPS:

  • Certificate Patrol applies the "trust on first use" principle familiar to most ssh users. It keeps track of the certificates you get for the sites you visit and displays a warning if important elements (e.g. the certificate authority) change.
  • Perspectives uses a network of certificate notaries to issue a warning when you encounter a certificate that is different from what other Perspectives users see.
  • Monkeysphere takes advantage of the PGP/GPG web-of-trust to verify the authenticity of certificates.

Unlike the Convergence approach which completely takes over certificate handling, all three of the above add-ons can be used together.

Don't forget the all-important HTTPS Everywhere, to make sure you actually use SSL.
Comment by Anonymous