We have developed an extension to the popular Firefox browser that
contacts network notaries whenever your browser connects an HTTPS website.
The researchers — David Andersen, assistant professor of computer science, Adrian Perrig, associate professor of electrical and computer engineering and public policy, and Dan Wendlandt, a Ph.D. student in computer science — have incorporated Perspectives into an extension for the popular Mozilla Firefox v3 browser than can be downloaded free of charge at www.cs.cmu.edu/~perspectives/firefox.html. For an overview of how Perspectives works, see our main page .
The extension provides two primary benefits:
- If you connect to a website with an untrusted (e.g.,self-signed certificate)*, Firefox
will give you a very nasty security error and force you to manually install
an exception. Perspectives can detect whether a self-signed
certificate is valid, and automatically overrides the annoying
security error page if it is safe to do so.
- It is possible that an attacker may trick one of the many Certificate
Authorities trusted by Firefox into incorrectly issuing a certificate for a
trusted website. Perspectives can also detect this attack and will warn
you if things look suspicious.
* The same is true for HTTPS sites with certificates that contain
mismatched domain names (e.g., www.gmail.com uses a certificate for
mail.google.com) or certificates that are expired.
Note: All software on this page is provided "as-is", without warranty of
any kind. In no event shall the authors or Carnegie Mellon be liable for
any claim arising from use of this software.
The source code is freely available.
The following link installs Perspective on Linux (32-bit), Windows, and OS X (intel):