[cryptography] Chrome to drop CRL checking

Jonathan Katz jkatz at cs.umd.edu
Mon Feb 6 22:00:07 EST 2012


On Mon, Feb 6, 2012 at 9:52 PM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> http://arstechnica.com/business/guides/2012/02/google-strips-chrome-of-ssl-revocation-checking.ars
>
>                --Steve Bellovin, https://www.cs.columbia.edu/~smb

Interesting blog post on this topic by Adam Langley here:
  http://www.imperialviolet.org/2012/02/05/crlsets.html

One question, though. Langley writes:
   "If the attacker is close to the server then online revocation
checks can be effective, but an
    attacker close to the server can get certificates issued from many
CAs and deploy different
    certificates as needed."
Anyone follow this line of reasoning?



More information about the cryptography mailing list