[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

On Sat, May 31, 2014 at 7:44 AM, Andrew McGlashan wrote:
> Does Chromium suffer from the Google decision to make use of OCSP
> impossible?  Therefore, an untrustworthy browser.

Basically, the answer is the design of certificate revocation is
fundamentally flawed, and Google have their own security model:

That should not in any way lead to the conclusion that chromium or
google chrome are untrustworthy.  It just means that Google uses an
alternative approach to a fundamentally unsolvable problem.

Best wishes,

Reply to: