[SSL Observatory] State of SSL-brokenness: Google wants to disable CRL/OCSP
Hanno Böck
hanno at hboeck.de
Mon Feb 6 11:18:26 PST 2012
Seems google noted that using OCSP and not rejecting certificates on
connection failure doesn't make much sense:
http://www.imperialviolet.org/2012/02/05/crlsets.html
So they decided that they'll probably disable OCSP altogether. Not sure
what I should think of it (seriously, they're probably right to disable
something that is broken anyway).
--
Hanno Böck mail/jabber: hanno at hboeck.de
GPG: BBB51E42 http://www.hboeck.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/observatory/attachments/20120206/bb246905/attachment.sig>
More information about the Observatory
mailing list