Re: HOW to set “security.OCSP.require” in Google Chrome/Chromium?

On Thu, 2011-03-24 at 13:29 -0500, Bruno Wolff III wrote:
> On Thu, Mar 24, 2011 at 07:58:48 -0700,
>   johhny_at_poland77 <johhny_at_poland77@xxxxxxxx> wrote:
> > https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
> > 
> > "Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."
> > 
> > How can I enable this feature in Google Chrome/Chromium?
> 
> about:config is a URL that you can visit. You can then click on the
> setting to modify its value. You can also type in a pattern to use
> as a filter so that there are fewer settings shown.
> 
> Depending on what you are really worried about, you might be better off totally
> disabling the checking of the bad certificate list instead of bothering to
> have the black list block access to web pages. Sending all of the certificates
> you visit to the CA to verify may be a bigger security risk than being
> tricked into visiting a web page with an incorrectly issued certificate.

Weird advice IMHO. There are a number of practical reasons for not
checking CRLs (Certificate Revocation Lists) all the time, but sending
cert serial numbers to the CA is not among them. The serial number is
not secret information (neither is the cert itself of course). If you
don't trust the CA, then better disable certs entirely, not just CRL
checking.

poc

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
