[16789] in cryptography@c2.net mail archive
Can you help develop crypto anti-spoofing/phishing tool ?
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Wed Feb 2 18:28:32 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 02 Feb 2005 22:11:54 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
Cc: cryptography@metzdowd.com
In-Reply-To: <41F0FA8F.8080702@systemics.com>
We develop TrustBar, a simple extension to FireFox (& Mozilla), that
displays the name and logo of SSL protected sites, as well as of the CA
(so users can notice the use of untrusted CA). I think it is fair to say
that this extension fixes some glitches in the deployment of SSL/TLS,
i.e. in the most important practical cryptographic solution.
TrustBar works pretty well for several alpha users. The solution
benefited a lot from discussions on this list, including substantial
input by Ian. You can download it from http://trustbar.mozdev.org (and
it is completely script so what you download is also the source code).
I am hoping some of you may be able to help improve, evaluate and deploy
this solution. In particular, we need implementations for other browsers
(e.g. IE...); we can also use help in continuing our development as
several pretty cool ideas are not done yet, due to other commitments of
us (Ahamd Gbara and me). For example, we designed a simple mechanism to
allow sites to protect (cryptographically) also pages where SSL is too
expensive, but it is waiting for implementation for a while... And of
course we need evaluations, code reviews, testing... In fact, I wouldn't
object if some serious open-code developer assumed responsibility...
If people are interested, and want to discuss face to face, I'll be in
RSA on 15-18/February...
Best, Amir Herzberg
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
