Issue Date: 15 October 2019 RFQ Number: 2019-36 
RFQ Name: Short-Term Technical Assistance (STTA) CertainTLS  Developer  
Questions due by: 20 Oct 2019 23h00 UTC 
Answers will be provided by: 30 Oct 2019 23h00 UTC 
Closing Date for offers: 15 Nov 2019 23h00 UTC 

Counterpart International is an NGO working in the international development sector. One of Counterpart International ’s projects, the ISC, enhances internet freedom by improving the defensive cybersecurity capabilities of local partners in developing countries.

Problem: HTTPS MiTM Online HTTPS communications via a browser, e.g. with an online service such as Facebook or Google, are normally end-to-end-encrypted via TLS. But the security this system provides depends on the TLS cert being “good,” which in turn depends on it being “anchored” to a trusted cert—which depends on the anchor being trustworthy. But if the end user is trusting a “bad” cert, a monster-in-the-middle attack (MiTM) will be able to read and decrypt her web traffic, inject fake content in real time, and harvest credentials, thereby nullifying the security the end user believed she had. How can a user know whether the certs she’s trusting are all “good”?

Solution: a “trusted certificate checker” … which would determine whether a device’s OS and/or applications is trusting TLS certs it shouldn’t. This application is tentatively called CertainTLS.

Share
CLOSE
Website Usage Notification

We use tracking technology ("cookies") to provide an optimal online experience and tailor services to your preferences. To learn more, click here. By continuing to use our site, you accept our use of cookies, revised Privacy Policy, and Terms of Use. If you have any questions, please contact privacy@counterpart.org.