[cryptography] Chrome to drop CRL checking
jkatz at cs.umd.edu
Mon Feb 6 22:00:07 EST 2012
On Mon, Feb 6, 2012 at 9:52 PM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> --Steve Bellovin, https://www.cs.columbia.edu/~smb
Interesting blog post on this topic by Adam Langley here:
One question, though. Langley writes:
"If the attacker is close to the server then online revocation
checks can be effective, but an
attacker close to the server can get certificates issued from many
CAs and deploy different
certificates as needed."
Anyone follow this line of reasoning?
More information about the cryptography