| ||Chrome/Firefox aren't checking CA revocation lists|
81 points by fastest963 on Apr 9, 2014 | hide | past | favorite | 33 comments |
|Chrome isn't checking revocation lists anymore (source: https://www.imperialviolet.org/2012/02/05/crlsets.html) so for everyone reissuing keys today, their sites are still vulnerable for Chrome users, right?|
I checked Google's own (custom) CRL and they don't have any serials from Comodo or Verisign's revocation lists, but they do have some from GoDaddy. Verified with https://github.com/agl/crlset-tools.
Update: Added Firefox to title based on mbrubeck's findings.
| Apply to YC