
Is Firefox + Perspectives the most secure browser for TLS/SSL encryption?

Perspectives is an encryption certificate validation tool that works even for self-signed certificates.

In my post, "Perspectives: better than CAs?" I described the benefits of the Perspectives extension that helps validate TLS/SSL certificates. Validating such certificates is important to protect against man-in-the-middle attacks when establishing a TLS/SSL encrypted connection with a Web site.

The usual way to validate a certificate is by way of a Certifying Authority. "Trusted" CA lists are installed by default with most modern Web browsers, creating a default set of Certifying Authorities that would be queried to validate certificates. This fails, though, to provide any validation for self-signed certificates at Web sites that aren't willing to, or can't, pay the fees to get the stamp of approval of a widely used CA.

Perspectives steps in here, correlating the certificates acquired by a wide range of other sources to determine whether they are consistent -- thus indicating that they have not been compromised by a man-in-the-middle attack. If you use the Perspectives extension for Firefox, when you visit one of the sites that Perspectives has validated, it checks to see whether the certificate your browser acquires matches the others. If not, there's danger of a man-in-the-middle attack. It works as well for CA-signed certificates as for self-signed certificates.
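The consistency check described above can be sketched as follows. This is an added example, not code from the Perspectives extension or from the original article; the function names, the observer records, the quorum parameter with its 0.75 default, and all fingerprints are assumptions constructed for illustration.

```javascript
// Added illustration; not the Perspectives extension's code.
// Fingerprints and vantage-point names are constructed sample values.
const SITE_FP = "AA:11:BB:22:CC:33:DD:44"; // what the remote observers saw
const MITM_FP = "01:23:45:67:89:AB:CD:EF"; // a substituted certificate
const NOTARY_VIEWS = [
  { source: "observer-1", fingerprint: "aa11bb22cc33dd44" },
  { source: "observer-2", fingerprint: "aa11bb22cc33dd44" },
  { source: "observer-3", fingerprint: "AA11BB22CC33DD44" },
  { source: "observer-4", fingerprint: null }, // did not answer
];

// Accept "AA:BB:..." or "aabb..." and compare case-insensitively.
function normalizeFingerprint(fp) {
  return String(fp).replace(/[^0-9a-fA-F]/g, "").toLowerCase();
}

// quorum (assumed parameter): fraction of answering observers that must
// have seen the same certificate the browser received.
function checkConsistency(localFp, observations, quorum = 0.75) {
  const local = normalizeFingerprint(localFp);
  // An observer that did not answer is no evidence either way.
  const seen = observations
    .filter((o) => o.fingerprint != null)
    .map((o) => normalizeFingerprint(o.fingerprint));
  if (seen.length === 0) {
    // Nothing to compare against: report "unknown", never "consistent".
    return { verdict: "unknown", agree: 0, answered: 0, others: [] };
  }
  const agree = seen.filter((fp) => fp === local).length;
  // Distinct certificates the observers saw instead of ours, for triage.
  const others = [...new Set(seen.filter((fp) => fp !== local))];
  const verdict = agree / seen.length >= quorum ? "consistent" : "mismatch";
  return { verdict, agree, answered: seen.length, others };
}

// No CA chain is consulted anywhere, so a self-signed certificate is
// judged exactly like a CA-signed one.
console.log(checkConsistency(SITE_FP, NOTARY_VIEWS).verdict);
console.log(checkConsistency(MITM_FP, NOTARY_VIEWS).verdict);
```

A "mismatch" verdict only says that the browser's view differs from the observers' view; a site that has just replaced its certificate can produce the same result, so the fingerprints returned in `others` are the starting point for deciding which case applies.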

When it was still new -- when I wrote the previous article about Perspectives -- it was available for Firefox on MS Windows, MacOS X, and Linux-based OSes. It was not, however, available on FreeBSD yet. This has since changed, and I've been using it with Firefox on FreeBSD 3.5 for a while now.

If you haven't already, I recommend installing the Perspectives extension with Firefox on your computer. You will not have to rely on luck to ensure that self-signed certificates you receive have not been delivered by a malicious security cracker executing a man-in-the-middle attack to bypass the protections of TLS/SSL encryption. As things stand, Perspectives makes Firefox the most secure browser to use with TLS/SSL encrypted Web sites.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

4 comments
Ocie3

- no comment -

Michael Kassner

That is why we both have written extensively about Perspectives. I was fortunate to have several conversations with the developers. In fact, we still keep in contact and I promised the developers to write about any improvements. I hope Chad doesn't mind. I thought I would give the link to my Perspectives article as it explains how it works and may be of interest: http://blogs.techrepublic.com.com/networking/?p=644 In my opinion, Perspectives has to be good, it's quiet and the developers are from Carnegie-Mellon. The fact that Chad likes it means a great deal to me as well. Edit: Bad spelling day

apotheon

Firefox + Perspectives + . . . ? I know it works with MS Windows, MacOS X, the major Linux distributions, and FreeBSD. Can any of you vouch for it on other OSes as well?

apotheon

I'm actually quite glad you linked to your article. I was in contact with the developers early on, and discussed the possibility of a FreeBSD port with them, but after a while of no movement on that front the conversation sorta petered out. One day, I noticed that Perspectives works on FreeBSD now. I may have another article about Perspectives in the near future, too -- covering material that neither of us have covered previously. This article of mine is intended as something of a refresher, since many readers might not have seen the earlier articles, and of those who have, some may not remember them very well. As I've said before, your article goes into a fair bit of depth on how Perspectives works, and it's a great resource. I'm surprised I didn't remember to link to it in this article. I'm glad you linked to it in comments for me.