On Sun, Mar 20, 2011 at 5:58 PM, Mike Perry <mikepe...@fscked.org> wrote:
> I've spent some time working with the EFF recently to build a
> distributed version of the SSL Observatory
> (https://www.eff.org/observatory) to be included with HTTPS
> Everywhere. The draft API and design sketch is here:
> https://trac.torproject.org/projects/tor/wiki/HTTPSEverywhere/SSLObservatorySubmission

cool!

> The brief summary is that it will be submitting rare TLS certificates
> through Tor to EFF for analysis and storage. We will also leverage the
> database of certificates to provide notification in the event of
> targeted MITM attacks**.
>
> I am trying to decide if this is a bad thing to enable by default for
> users.

if EFF was presented with a national security letter or other legal demand under seal demanding the existence of a given certificate not be exposed, would they be bound to not present a MITM alert for that cert?

(said another way, could this potentially be a false sense of security, if all trust for anomaly notification was placed in the EFF alone?)

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk