This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is a new approach to helping computers communicate securely on the Internet. With [{$pagename}], public “network notary” servers regularly monitor the [SSL] [certificates] used by 100,000s+ websites to help your browser detect [Man-In-The-Middle] attacks without relying on [certificate authorities|Certificate Authority].
!! The Problem
For years, the Internet has relied on anointed [Certificate Authorities|Certificate Authority] (CAs) and [Registration Authorities|Registration Authority] like VeriSign to issue SSL certificates that browsers trust to verify the identity of a remote web server when using the [HTTPS] protocol. Verifying the remote server’s SSL certificate is necessary to avoid [Man-In-The-Middle] (MitM) attacks in which an [attacker] eavesdrops on communication or impersonates a remote website.
The [Certificate Authority] model has long been criticized as a potential security risk, and recent incidents demonstrate that the security concerns are not just theoretical:
* May 2011: Indications point to the Syrian government actively performing [Man-In-The-Middle] [attacks] (More Info)
* March 2011: Certificate Authority is hacked, leading to the issuing of fraudulent certificates for sites including google.com, yahoo.com and msn.com (More Info)
The root of the problem is that with the [CA] model, browsers blindly [trust] a group of 600+ corporate and government parties to perform [Certificate Validation]. You as a web [browser] user have little or no choice about who to trust and essentially no visibility into whether these organizations deserve your trust.
!! How Perspectives Helps
Perspectives takes a different approach to how the web [browser] determines if an [SSL] [certificate] is valid. Instead of requiring [browser] users to [trust] an anointed group of [Certificate Authorities|Certificate Authority], Perspectives gives users the ability to pick a group they trust (e.g., the [EFF], [Google], their company, their university, their group of friends, etc.) and trust no one else.
!! How is this possible?
Perspectives has a decentralized model that lets anyone run one or more “network notary servers”. A network notary server is connected to the Internet and regularly monitors websites to build a history of the SSL certificate used by each site. Notary servers or groups of notary servers may be operated by public organizations, private companies, or even individuals.
Rather than validating an SSL certificate by checking for certificate authority approval, with Perspectives the browser validates a certificate by checking for consistency with the certificates observed by the network notaries over time. With network notary servers spread around the world and keeping a history of data, it is VERY hard for an attacker to launch a [Man-In-The-Middle] attack (see our academic paper for a full security analysis).
Just like a user picks which search engine their browser will use, the user can also choose what group(s) of network notaries they will [trust]. The user him/herself can choose whether they trust Comodo, the U.S. government, the Chinese government, or not. And because all notary data is public, the quality of different network notaries can be measured and evaluated by anyone, creating a market for better security.
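The consistency check described above, sketched as an added example (not code from the Perspectives project or from this page). The quorum fraction, minimum duration, staleness limit, notary names, timestamps and fingerprints are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

DAY = 86400
NOW = 1_700_000_000  # constructed "current time" (Unix seconds)

@dataclass(frozen=True)
class Observation:
    fingerprint: str  # certificate fingerprint the notary recorded
    first_seen: int   # Unix time the notary first saw this certificate
    last_seen: int    # Unix time of the notary's most recent sighting

def notary_agrees(history, offered_fp, now, min_days, max_stale_days=2):
    """True if the notary saw offered_fp recently and over a span of at least min_days."""
    for obs in history:
        if obs.fingerprint != offered_fp:
            continue
        fresh = now - obs.last_seen <= max_stale_days * DAY
        long_enough = obs.last_seen - obs.first_seen >= min_days * DAY
        if fresh and long_enough:
            return True
    return False

def validate(offered_fp, notary_histories, now, quorum=0.75, min_days=7):
    """Return (trusted, agreeing_notaries) for the certificate the browser was offered.

    Notaries with no matching data count against the quorum, so an attacker
    cannot pass the check just by making notaries unreachable.
    """
    agreeing = [name for name, hist in notary_histories.items()
                if notary_agrees(hist, offered_fp, now, min_days)]
    needed = quorum * len(notary_histories)
    return (len(notary_histories) > 0 and len(agreeing) >= needed), agreeing

# Constructed histories from the user's chosen notary group. Only notary-d,
# which shares a network path with the attacker, has seen the rogue "ee:ff".
HISTORIES = {
    "notary-a": [Observation("aa:11", NOW - 90 * DAY, NOW - 3600)],
    "notary-b": [Observation("aa:11", NOW - 90 * DAY, NOW - 7200)],
    "notary-c": [Observation("aa:11", NOW - 90 * DAY, NOW - 3600)],
    "notary-d": [Observation("aa:11", NOW - 90 * DAY, NOW - DAY),
                 Observation("ee:ff", NOW - 3600, NOW - 60)],
}

if __name__ == "__main__":
    for fp in ("aa:11", "ee:ff"):
        print(fp, validate(fp, HISTORIES, NOW))
```

Even with the duration requirement dropped to zero, the rogue certificate is vouched for by only one of four notaries and fails the quorum, which is why geographically spread notaries make a localized attack visible.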
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]