File firefox-ext-certificate_patrol.spec of Package firefox-ext-certificate_patrol
Name: firefox-ext-certificate_patrol
Version: 2.0.14
Release: 1
License: MPL 1.1
Summary: Certificate Patrol extension for Firefox
Group: Productivity/Networking/Web/Browsers
URL: https://addons.mozilla.org/en-US/addon/6415
Source0: https://addons.mozilla.org/firefox/downloads/file/134629/certificate_patrol-%{version}-tb+sb+fx+sm.xpi
#Hash: sha256:52a8c86e66bd8906cd868a8e9beb4c1c8e734a852d959099e56c284e124077f4
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
Requires: firefox >= %{firefox_version}
BuildRequires: firefox-devel
BuildRequires: unzip
BuildRequires: fdupes
Buildarch: noarch
%description
Your web browser trusts a lot of certification authorities and chained sub-authorities, and it does so blindly. "Subordinate or intermediate certification authorities" are a little known device: The root CAs in your browser can delegate permission to issue certificates to an unlimited amount of subordinate CAs (SCA) just by signing their certificate, not by borrowing their precious private key to them. You can even buy yourself such a CA from GeoTrust or elsewhere.
It is unclear how many intermediate certification authorities really exist, and yet each of them has "god-like power" to impersonate any https web site using a Man in the Middle (MITM) attack scenario. Researchers at Princeton are acknowledging this problem and recommending Certificate Patrol. Revealing the inner workings of X.509 to end users is still deemed too difficult, but only getting familiar with this will really help you get in control. That's why Certificate Patrol gives you insight of what is happening.
If you still think a MITM attack is unlikely to happen to you, read this user report.
%prep
%setup -qTcn %{name}-%{version}
%build
%install
%firefox_ext_install %SOURCE0
%fdupes "%{buildroot}%{firefox_extdir}"
%clean
rm -rf %{buildroot}
%files
%defattr(0644,root,root,0755)
%{firefox_extdir}
%changelog
