[cryptography] Chrome to drop CRL checking
marsh at extendedsubset.com
Tue Feb 7 18:49:14 EST 2012
On 02/07/2012 05:41 PM, Andy Steingruebl wrote:
> I don't remember Adam saying in his blog post or in any other posts,
> etc. that this is the only change they will make to Chrome.
> At the
> same time I think they did get fairly tired or hard-coding a CRL list
> into the Chrome binary itself for the CA breaches...
That was certainly my initial reading-between-the-lines.
Shipping emergency patches to revoke certs got to be such a regular
thing over the summer that this scheme likely grew out of the simple
need for a systematic streamlined release process for them.
More information about the cryptography