On 2014-04-30 01:39:43 +0200, Andreas Cadhalpun wrote:
> Do you have 'Check for server certificate revocation' enabled in
> chrome://settings/?

No, Chromium developers tell users not to enable it, and consider
it as an obsolete option that will be removed. Indeed, in case of
a real MITM attack, the attacker can block the OCSP server, in which
case Chromium will silently consider the certificate as valid, and
this is complete nonsense! Said otherwise, revocation checking in
Chromium can work only when it is not needed. So, to do the real
check, you must not enable this option, just rely on the CRLSet.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
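
The soft-fail behaviour described in the message above, as an added example that is not part of the original message and is not Chromium code. It models only the accept/reject decision; the serials and both sets are constructed, the hard-fail policy is included for comparison, and the CRLSet model assumes the revoked serial is in the pushed set.

```python
# Added illustration: decision logic only, no real network, TLS or OCSP parsing.
REVOKED_AT_CA = {"serial-0042"}   # constructed: what the CA's OCSP responder knows
CRLSET = {"serial-0042"}          # constructed: revocations already pushed to the client

def ocsp_query(serial, responder_reachable):
    """Return 'good', 'revoked', or None when the responder cannot be reached."""
    if not responder_reachable:
        return None
    return "revoked" if serial in REVOKED_AT_CA else "good"

def accept_soft_fail(serial, responder_reachable):
    """Online check, soft-fail: a missing answer counts as 'not revoked'."""
    return ocsp_query(serial, responder_reachable) != "revoked"

def accept_hard_fail(serial, responder_reachable):
    """Online check, hard-fail: only an explicit 'good' is accepted."""
    return ocsp_query(serial, responder_reachable) == "good"

def accept_crlset(serial, responder_reachable):
    """Local lookup in the pushed set; responder reachability is irrelevant."""
    return serial not in CRLSET

POLICIES = {
    "soft-fail OCSP": accept_soft_fail,
    "hard-fail OCSP": accept_hard_fail,
    "CRLSet": accept_crlset,
}

def decision_table():
    """Map (policy, serial, responder_reachable) to True (accept) or False (reject)."""
    table = {}
    for name, policy in POLICIES.items():
        for serial in ("serial-0001", "serial-0042"):   # valid cert, revoked cert
            for reachable in (True, False):
                table[(name, serial, reachable)] = policy(serial, reachable)
    return table

if __name__ == "__main__":
    for (name, serial, reachable), ok in decision_table().items():
        net = "reachable" if reachable else "blocked"
        verdict = "accept" if ok else "reject"
        print(f"{name:15} {serial} responder {net:9} -> {verdict}")
```

The row to look at is soft-fail with the responder blocked: the revoked serial is accepted, while the local CRLSet lookup gives the same answer whether or not the responder can be reached.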

