[cryptography] Chrome to drop CRL checking

Marsh Ray marsh at extendedsubset.com
Tue Feb 7 18:49:14 EST 2012


On 02/07/2012 05:41 PM, Andy Steingruebl wrote:
>
> I don't remember Adam saying in his blog post or in any other posts,
> etc.  that this is the only change they will make to Chrome.

Surely.

> At the
> same time I think they did get fairly tired or hard-coding a CRL list
> into the Chrome binary itself for the CA breaches...

That was certainly my initial reading-between-the-lines.

Shipping emergency patches to revoke certs got to be such a regular 
thing over the summer that this scheme likely grew out of the simple 
need for a systematic streamlined release process for them.

- Marsh



More information about the cryptography mailing list