Abstract
Commercial browsers are modified so that they can detect a change in the server certificate of certain sensitive websites. The modified browser remembers certain fields of a certificate, the entire certificate, or hashes of certain fields or of the entire certificate. On a revisit, if the website's certificate has changed, the user or browser can be alerted to the change, with further action taken to determine the nature of the change and raise an alert if necessary. To accomplish this, for certain sensitive websites, browsers create a local database of websites with their corresponding server fields/certificates/hashes. Later, upon a revisit to those websites, browsers compare the certificate data received with the stored information. As an alternative to a local cache of server certificate information, the browser can send the data to be compared to a trusted website for analysis.
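The remember-and-compare step described above can be sketched as follows. This is an added example, not code from the patent or from any browser. The class name `CertMemory`, the choice of tracked fields, SHA-256 as the hash, and the sample certificates (constructed placeholder values, not real X.509) are all assumptions.

```python
import hashlib
import sqlite3

# Fields remembered per site (assumed selection; the page only says "certain fields").
TRACKED = ("subject", "issuer", "serial", "public_key")

def fingerprints(cert):
    """Hash the whole certificate and each tracked field with SHA-256."""
    fps = {"whole": hashlib.sha256(cert["der"]).hexdigest()}
    for name in TRACKED:
        fps[name] = hashlib.sha256(cert[name].encode()).hexdigest()
    return fps

class CertMemory:
    def __init__(self, sensitive_hosts, path=":memory:"):
        self.sensitive = set(sensitive_hosts)
        self.db = sqlite3.connect(path)  # the local database of remembered sites
        self.db.execute("CREATE TABLE IF NOT EXISTS seen "
                        "(host TEXT, field TEXT, digest TEXT, PRIMARY KEY (host, field))")

    def check(self, host, cert):
        """Return (verdict, changed_fields) for a certificate presented by host."""
        if host not in self.sensitive:
            return "untracked", []
        stored = dict(self.db.execute(
            "SELECT field, digest FROM seen WHERE host = ?", (host,)))
        current = fingerprints(cert)
        if not stored:  # first visit: remember, nothing to compare against
            self.db.executemany("INSERT INTO seen VALUES (?, ?, ?)",
                                [(host, f, d) for f, d in current.items()])
            self.db.commit()
            return "remembered", []
        if stored["whole"] == current["whole"]:
            return "match", []
        # Changed: report which tracked fields differ. The stored record is left
        # untouched until the user or browser accepts the new certificate.
        return "changed", sorted(f for f in TRACKED if stored[f] != current[f])

# Constructed sample certificates (placeholder bytes, not real X.509).
ORIGINAL = {"der": b"constructed-der-1", "subject": "CN=bank.example",
            "issuer": "CN=Example CA A", "serial": "01", "public_key": "key-A"}
REISSUED = dict(ORIGINAL, der=b"constructed-der-2", serial="02")
SWAPPED = dict(ORIGINAL, der=b"constructed-der-3", issuer="CN=Example CA B",
               serial="7f", public_key="key-B")
```

The list of changed fields is what supports the "nature of the change" decision: a certificate that differs only in its serial number reads very differently from one whose issuer and public key have both changed.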