We have developed an extension to the popular Firefox browser that contacts network notaries whenever your browser connects an HTTPS website.

The researchers — David Andersen, assistant professor of computer science, Adrian Perrig, associate professor of electrical and computer engineering and public policy, and Dan Wendlandt, a Ph.D. student in computer science — have incorporated Perspectives into an extension for the popular Mozilla Firefox v3 browser than can be downloaded free of charge at www.cs.cmu.edu/~perspectives/firefox.html.

For an overview of how Perspectives works, see our main page .

The extension provides two primary benefits:

1. If you connect to a website with an untrusted (e.g.,self-signed certificate)*, Firefox will give you a very nasty security error and force you to manually install an exception. Perspectives can detect whether a self-signed certificate is valid, and automatically overrides the annoying security error page if it is safe to do so.
2. It is possible that an attacker may trick one of the many Certificate Authorities trusted by Firefox into incorrectly issuing a certificate for a trusted website. Perspectives can also detect this attack and will warn you if things look suspicious.

* The same is true for HTTPS sites with certificates that contain mismatched domain names (e.g., www.gmail.com uses a certificate for mail.google.com) or certificates that are expired.

Note: All software on this page is provided "as-is", without warranty of any kind. In no event shall the authors or Carnegie Mellon be liable for any claim arising from use of this software.

The source code is freely available. The following link installs Perspective on Linux (32-bit), Windows, and OS X (intel):