In my post, "Perspectives: better than CAs? " I described the benefits of the Perspectives extension that helps validate TLS/SSL certificates. Validating such certificates is important to protect against man-in-the middle attacks when establishing a TLS/SSL encrypted connection with a Web site.
The usual way to validate a certificate is by way of a Certifying Authority. "Trusted" CA lists are installed by default with most modern Web browsers, creating a default set of Certifying Authorities that would be queried to validate certificates. This fails to provide any validation for self-signed certificates at Web sites that aren't willing to, or can't, pay the fees to get the stamp of approval of a widely used CA, though.
Perspectives steps in here, correlating the certificates acquired by a wide range of other sources to determine whether they are consistent — thus indicating that they have not been compromised by a man in the middle attack. If you use the Perspectives extension for Firefox, when you visit one of the sites that Perspectives has validated, it checks to see whether the certificate your browser acquires matches the others. If not, there's danger of a man in the middle attack. It works as well for CA-signed certificates as for self-signed certificates.
When it was still new — when I wrote the previous article about Perspectives — it was available for Firefox on MS Windows, MacOS X, and Linux-based OSes. It was not, however, available on FreeBSD yet. This has since changed, however, and I've been using it with Firefox on FreeBSD 3.5 for a while now.
If you haven't already, I recommend installing the Perspectives extension with Firefox on your computer. You will not have to rely on luck to ensure that self-signed certificates you receive have not been delivered by a malicious security cracker executing a man-in-the-middle attack to bypass the protections of TLS/SSL encryption. As things stand, Perspectives makes Firefox the most secure browser to use with TLS/SSL encrypted Web sites.
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.