[HTTPS-Everywhere] SSL Observatory with HTTPS Finder-like discovery?
Seth David Schoen
schoen at eff.org
Fri Sep 23 14:10:18 PDT 2011
Kevin Jacobs writes:
> Have you given any thought to implementing HTTPS detection, similar to HTTPS Finder? The difference is that it would be 100% background detection with no alerts, for the sole purpose of collecting more certificates (without affecting the rule-based approach of HTTPS Everywhere). It could be a separate “advanced” option in addition to “opt-in reporting” (i.e. opt-in discovery).
>
> I think this could greatly increase the amount of data reported to the SSL Observatory. Let me know your thoughts on this – I’d be happy assist.
A generalization of this might be a client (or device) that does a brief
scan of some number of TLS services from a user's location and reports
the results to the Observatory, without actually using the services for
anything else.
This could be useful for getting reports from travelers who are going to
places whose networks they're very curious about, but who might not be
regular users of every popular HTTPS site (or of certain sites that are
evidently very interesting to attackers, like addons.mozilla.org or
www.torproject.org). This could even be useful as an application for
smartphones...
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list