Nytro Posted February 7, 2012 Report Posted February 7, 2012 [h=2]No More SSL Revocation Checking For Chrome[/h] Posted by timothy on Tuesday February 07, @11:35AM from the substitute-my-own dept. New submitter mwehle writes with this bit from Ars Technica: "Google's Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid after one of the company's top engineers compared it to seat belts that break when they are needed most. The browser will stop querying CRL, or certificate revocation lists, and databases that rely on OCSP, or online certificate status protocol, Google researcher Adam Langley said in a blog post published on Sunday. He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don't make end users safer because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with."Sursa: No More SSL Revocation Checking For Chrome - Slashdot Quote
em Posted February 7, 2012 Report Posted February 7, 2012 Chrome will instead rely on its automatic update mechanism to maintain a list of certificates that have been revoked for security reasons. Langley called on certificate authorities to provide a list of revoked certificates that Google bots can automatically fetch. The time frame for the Chrome changes to go into effect are "on the order of months," a Google spokesman said.Deci nu suntem l?sa?i în pom. Doar c? verificarea nu se va mai face de fiecare dat? când intri pe un site cu https (~300 ms penalty) ci va fi desc?rcat? o list? o dat? la câteva zile. Quote
Nytro Posted February 7, 2012 Author Report Posted February 7, 2012 Da, daca e sa fim extrem de paranoici nu ne place, dar cred ca e mai in regula asa. Quote
backdoor Posted February 8, 2012 Report Posted February 8, 2012 Ce dragut din partea lor. Poate fac ei vreo smekerie sa ruleze pe 8 biti ca sa aiba de 4 ori mai mult ram.... CA (certificate authority) te forteaza sa downloadezi CLR odata pe saptamana. Deci pana la urma browserul tau tot afla odata si odata ca certificatul ala a expirat. EM CLR check nu se face la fiecare accesare , ci cand se instantiaza sesiunea SSL . Nu e neaparat o chestie de viteza, ci chipurile o economie de traffic . Cu criza asta pana si Google a inceput sa se gandeasca ca se termina Internetul. Quote
