Skip the navigation

Mozilla 'Plug-n-Hack' project aims for tighter security tool integration

The project aims to solve hiccups in how security tools work with web browsers

By Jeremy Kirk
August 23, 2013 12:49 AM ET

IDG News Service - Mozilla is developing a protocol that aims to let security tools and Web browsers work better together.

Configuring a web browser to work with a security tool involves writing platform and browser-specific extensions, a non-trivial process that discourages people with less experience, wrote Simon Bennetts, a security automation engineer with Mozilla, on Thursday.

The proposed standard, called "Plug-n-Hack," will define how security extensions can work with a browser in a more usable way, Bennetts wrote. PnH will allow the security tool to "declare the functionality that they support which is suitable for invoking directly from the browser."

Under the current arrangement, if a user wants to, for example, intercept HTTPS traffic, a user must configure proxy connections through the tool and browser correctly and import the tool's SSL (Secure Sockets Layer) certificate, Bennetts wrote.

"If any of these steps are carried out incorrectly then the browser will typically fail to connect to any website -- debugging such problems can be frustrating and time-consuming," Bennetts wrote.

Users may also have to switch often between the tool and their browser to intercept an HTTPS request.

"PnH allows security tools to declare the functionality that they support which is suitable for invoking directly from the browser," Bennets wrote. "A browser that supports PnH can then allow the user to invoke such functionality without having to switch to and from the tool."

The PnH protocol is being designed to be browser and tool independent. The implementation for Firefox has been released under the Mozilla Public License 2.0 and can be incorporated into commercial products for free, Bennetts wrote.

The next phase of the project is being planned, but it is expected it will allow browsers to "advertise their capabilities to security tools," he wrote.

"This will allow the tools to obtain information directly from the browser, and even use the browser as an extension of the tool," Bennetts wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!