======/-------- TODO / WISHLIST ====/---------- - convert validity dates to iso standard. the american mm/dd/yy order is very confusing. only iso using yyyy-mm-dd makes sense for everyone ? maybe even show how many days that is from today? + green/yellow/red indicator - if only the expiry has been updated, and the old certificate was to expire within the next 3 months, show green. - if the expiry was not due, but the issuer is still the same, show lime. - if the expiry was due, but the issuer has changed, show yellow. - if issuer has changed while expiry was not due, show red. + preferences panel ? option to suppress certificate-added popups? ? option to wildcard-excempt annoying domains? + support for other protocols than https: + currently certpatrol in messengers like thunderbird only serves the purpose of handling https: links in e-mails and such. would be cooler if SMTP and IMAP certificates were actually checked. == FEEDBACK == jmd says: hi guys jmd asks: I suppose you probably heard about the whole CNNIC root ca in mozilla story ? .. funny, i had twittered about just that couple minutes earlier .. jmd says: I wondered if you would be open to bringing some evolution to the Certificat Patrol extension jmd says: to better handle such a case jmd says: *Actual* proof of misbehaving of CNNIC would be a cause for immediat removal of it and would have a large impact beyong that jmd says: A user of Certificate Patrol certainly would be able to detect it easily jmd says: but then it wouldn't be easy enough to report the information about it jmd says: to maximilize the probability he would do it even if he's not expert jmd says: . jmd says: So I see two things that would help in certificat patrol jmd says: - a button to copy all the information about the cert so that you can easily paste it in a mail to report that jmd says: it would be the whole path of the certificate up to a root ca, so that expert could easily see from the content if a fake MITM certificate was involved or not jmd says: - the possibility to configure a watch string in certificate patrol jmd says: wenever you access a site that uses a certification path where one of the CA matches this string, you would get a specific warning jmd says: so you could avoid specifically that CA jmd says: even if it tried to hide itself behind a hierarchy of subca with innocent names jmd says: and more obviously that by having to check the cert path jmd says: each time you add a new SSL cert > hello! > better copy+paste .. ok > .. the whole path.. i'm afraid firefox doesn't give us js access to that > then again.. not sure == VERSION 0.6 == This version has been improved to show and store the complete information about certificates, which makes it a lot more useful when a certificate is updated: You can now decide for yourself if expiry was due, if a change of issuer is acceptable, or if a phone call to the affected company is appropriate to get a voice confirmation of such a new certificate. We have tentatively added support for Thunderbird, Songbird, SeaMonkey, Mozilla and Fennec. Concerning Firefox, this version is a release candidate for Certificate Patrol 1.0 as this version implements all we expect from a 1.0. == VERSION 0.7 == Allow to copy & paste data from pop-up. == VERSION 1.0 == Nothing changed. Version 0.7 has proven to be super stable, therefore we move from "release candidate" directly to 1.0. == VERSION 1.1 == Some tweaks in the dialog GUI and a fix for a rare race condition that has been reported to us by honeybee. Thanks! Good luck with your factorbee!!!! ;)