Comment by eric_bullington

11 years ago

>A browser extension could automate this.

Unfortunately, it couldn't on Chrome, because you can't even access a page's certificate from an extension in Chrome:

http://stackoverflow.com/questions/18689724/get-fingerprint-...

And Firefox's certificate API is not much better, only passive access without ability to block connections if you detect an unwanted cert.

3 comments

eric_bullington

handsomeransoms 11 years ago

> And Firefox's certificate API is not much better, only passive access without ability to block connections if you detect an unwanted cert.

Nope. Firefox's Addon API lets you do pretty much whatever you want. It might be kind of hard and annoying, but you can certainly block connections that are signed by an untrusted CA. How do you think Convergence [0] worked?

[0] http://convergence.io/

eric_bullington 11 years ago

Fair enough, that's what I get for believing a Stackoverflow answer (even a highly upvoted one) without verifying for myself:
https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensio...
So with Firefox, you could build the kind of add-on described by Mike.
But I have confirmed for myself Chrome extension API's lack of ability to even read the certificate of a current page[1]. Chrome may be able to read block page loads (don't know, haven't checked) but without being able to even view a cert, it doesn't do much good.
1. https://code.google.com/p/chromium/issues/detail?id=93636
bad_user 11 years ago

How does converge work? Is it any good?