
Google Chrome protection for Heartbleed-hacked sites called “completely broken” - gojomo
http://arstechnica.com/security/2014/04/google-chrome-protection-for-heartbleed-hacked-sites-called-completely-broken/
======
gojomo
This isn't uniquely a Chrome CRLSet problem: OCSP & CRLs in general are also
defective. None of them are capable of rapidly and reliably warning TLS
clients, when those clients are still trusting certificates that the original
site, CA, and browser vendor have all announced are compromised.

But we're almost 20 years into the SSL/TLS/CA era. A broadcast/alert system
that's resistant to all but the most draconian of regimes is possible. (It
should also be self-evident when you're cut off from current data.) P2P
networks provide usable ideas.

~~~
DiabloD3
This is where a Bitcoin-like chain could really help.

