Three Firefox extensions to enhance SSL security

There has been a lot of talk recently questioning the trust authorities that underpin the SSL/TLS world. After a few high-profile incidents, it is clear that there is something wrong with this structure.

While some people have suggested that DNSSEC might solve this problem, here are three Firefox add-ons that can be used today to enhance the security of HTTPS:

Certificate Patrol applies the "trust on first use" principle familiar to most ssh users. It keeps track of the certificates you get for the sites you visit and displays a warning if important elements (e.g. the certificate authority) change.
Perspectives uses a network of certificate notaries to issue a warning when you encounter a certificate that is different from what other Perspectives users see.
Monkeysphere takes advantage of the PGP/GPG web-of-trust to verify the authenticity of certificates.

Unlike the Convergence approach which completely takes over certificate handling, all three of the above add-ons can be used together.

RSS Atom

Don't forget the all-important HTTPS Everywhere, to make sure you actually use SSL.

Comment by Anonymous — Mon Oct 3 10:48:43 2011

OCSP recommendations from the NSA

The NSA recommends these Firefox settings (browse to about:config to set them):

security.OCSP.enabled = 1
security.OCSP.require = true

Comment by fmarier — Sun Feb 17 15:12:20 2013

Add a comment