Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make this plugin the ultimate plugin. #27

Open
GoogleCodeExporter opened this issue Mar 21, 2015 · 4 comments
Open

Make this plugin the ultimate plugin. #27

GoogleCodeExporter opened this issue Mar 21, 2015 · 4 comments
Labels
auto-migrated Priority-Medium Type-Enhancement

Comments

@GoogleCodeExporter
Copy link 

Now this is #1 on my list and should be on everyones. I would like to see this 
plugin www.cs.cmu.edu/~perspectives/firefox.html implemented in KB SSL 
Enforcer. In addition I would like to see the URL bar turn colors (green for 
payed signed cert, blue for self signed legit cert, red for no https, etc) and 
remove that HTTPS with a dash through that chrome does. Also, if there is a 
site with no HTTP (see Issue 26) then URL bar should turn red or some other 
"this is not encrypted" color and pop up a status bar/message/something that 
reminds us that our data is going over in clear text.

Original issue reported on code.google.com by [email protected] on 7 Oct 2010 at 5:33
@GoogleCodeExporter
Copy link
Author 

There are multiple things in this:
- Allow self-signed certificates automatically, while still indicating that it 
isn't authenticating the site as with CA signed certificates
- Detect CA fraud where an attacker uses a certificate that's signed by a 
"trusted" CA
- Indicate which level of security you get from a given site in a way that 
makes sense, instead of the traditional "unencrypted is better than 
self-signed" mentality

These are all really good features that I would love to implement. And to be 
honest, I've been wanting to implement these exact features for a while. But I 
don't think it's possible yet to hook into Chrome in ways necessary for these 
features, unfortunately.

I'll try to do some research into what Chrome can and can't do and hopefully at 
least find/create bugs in Chrome for this, so we can follow the issue a bit 
closer. You're of course more than welcome to help out with these things. :)

Original comment by [email protected] on 7 Oct 2010 at 10:02

  • Changed state: Accepted
  • Added labels: Type-Enhancement
  • Removed labels: Type-Defect

@GoogleCodeExporter
Copy link
Author 

Yea I will grab the source and start to play and hopefully will be able to help 
you out. I already tried to contact the authors but they did not get back to me 
as of yet.

Original comment by [email protected] on 7 Oct 2010 at 11:40

@GoogleCodeExporter
Copy link
Author 

The extension API for Firefox seems to be quite different from the one in 
Chrome, so I'm not sure if it'll help to look into the Firefox side of it. You 
need the commands to hook into Chrome's certificate management.

Original comment by [email protected] on 8 Oct 2010 at 1:22

@GoogleCodeExporter
Copy link
Author 

It seems that there are now a few (unresolved) bug reports and an API proposal 
on this subject of extension access to SSL connections:
https://code.google.com/p/chromium/issues/detail?id=49469
https://code.google.com/p/chromium/issues/detail?id=107793
https://sites.google.com/a/chromium.org/dev/developers/design-documents/extensio
ns/proposed-changes/apis-under-development/webrequest-ssl-hooks

Original comment by [email protected] on 18 Feb 2014 at 10:23

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter