[SSL Observatory] Does the Obs. provide cert validation through HTTP uploads?

Erik Hjelmvik erik.hjelmvik at gmail.com
Wed Mar 23 13:29:33 PDT 2011


2011/3/23 Chris Palmer <chris at eff.org>:
> On 03/23/2011 09:08 AM, Erik Hjelmvik wrote:
>
>> Is there any way I can upload a cert (in the .cer format) to the SSL
>> Observatory to see if the cert I've received is the same one as other
>> people get? I.e., in order to verify that I'm not being MITM:ed by
>
> Not right now.
>
> We are working on a decentralized Observatory that will let you submit
> certificates to our server. However, it is intended as a research data
> gathering system, and its primary purpose is not to provide real-time
> MITM defense. We hope it will help people discover post facto, but it's
> a research system and not a defense mechanism. Of course, the subject of
> our research is potential techniques for defense...
>
> The closest thing to what you want is Perspectives, but that also does
> not really provide true real-time MITM defense. Maybe someday it will,
> or something like it will.

Thanks for your feedback Chris!

I'm actually really not looking for a real-time MITM defence, but
rather the possibility to do post-event forensic analysis of captured
network traffic from a suspected MITM attack.
I looked closer at Perspectives and found that they provide a web
interface that can be used to query for what certs an SSL-protected
website serves to other parties:
https://www.networknotary.org/notary_web/notary_query
This suits me perfectly since I can now extract certificates from
packet captures with NetworkMiner and then check the MD5 fingerprint
of each certificate against Perspectives' "network notary".

/erik

>
>
> --
> Chris Palmer
> Technology Director, Electronic Frontier Foundation
> https://www.eff.org/code
>

-- 
my blog: http://www.netresec.com/?page=Blog
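
The post-capture check described in the message above, as an added Python example that is not part of the original thread: fingerprint each certificate file carved from a capture and compare it with fingerprints copied by hand from the notary query page. The function names and the sample byte strings are constructed for illustration, and no notary API is assumed.

```python
import hashlib
import ssl

def to_der(blob: bytes) -> bytes:
    """A .cer file may hold raw DER or base64 PEM; fingerprints are over DER."""
    text = blob.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    return blob

def fingerprint(der: bytes, algo: str = "md5") -> str:
    """Colon-separated lower-case hex digest of the DER-encoded certificate."""
    digest = hashlib.new(algo, der, usedforsecurity=False).digest()
    return ":".join(f"{b:02x}" for b in digest)

def normalize(fp: str) -> str:
    """Accept 'AA:BB', 'aa bb' or 'aabb' and return bare lower-case hex."""
    bare = fp.replace(":", "").replace(" ", "").lower()
    if len(bare) != 32 or any(c not in "0123456789abcdef" for c in bare):
        raise ValueError(f"not an MD5 fingerprint: {fp!r}")
    return bare

def check_captures(captured: dict, notary_fps: list) -> dict:
    """Map each captured file to True if notaries saw the same certificate."""
    seen = {normalize(fp) for fp in notary_fps}
    return {name: normalize(fingerprint(to_der(blob))) in seen
            for name, blob in captured.items()}

# Constructed stand-ins for certificates carved from a capture. They are not
# parseable X.509; a fingerprint is only a hash over the file's DER bytes.
LEGIT = b"\x30\x82\x01\x0a" + b"constructed certificate served to everyone"
OTHER = b"\x30\x82\x01\x0a" + b"constructed certificate seen only in capture"
CAPTURED = {
    "session1.cer": LEGIT,                                     # DER
    "session2.cer": ssl.DER_cert_to_PEM_cert(LEGIT).encode(),  # same cert, PEM
    "session3.cer": OTHER,
}
# Constructed: what would be copied by hand from the notary query page.
NOTARY_SEEN = [fingerprint(LEGIT).upper()]

if __name__ == "__main__":
    for name, ok in check_captures(CAPTURED, NOTARY_SEEN).items():
        der = to_der(CAPTURED[name])
        # Record SHA-256 too: MD5 is collision-prone and serves only as the lookup key.
        print(name, "match" if ok else "MISMATCH",
              fingerprint(der), fingerprint(der, "sha256"))
```

A mismatch only says the captured certificate differs from what the notaries observed; a legitimate certificate rotation produces the same result, so the validity dates and issuer still need checking by hand.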


