[cryptography] Security Pop-Up of the Day

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 22 05:46:11 EDT 2011


ianG <iang at iang.org> writes:

>C.f., revocation is broken.  The disablement of OCSP checking has been ...
>errrr widely suggested.
>
>Which leads to a curious puzzler; if it doesn't work for users, who does it
>work for?  Ah, the cynicism :P

There are a number of revocation vendors who have (or had, a few years ago) a
considerable revenue stream built around selling OCSP services.  Identrus(t)
was one of those.  The problem was that some silly CAs were misguided enough
to take the whole OCSP theatrical performance public, spoiling it for
everyone.

Peter.




More information about the cryptography mailing list