Re: [SECURITY] [DSA 2939-1] chromium-browser security update
On Sat, May 31, 2014 at 1:46 PM, Andrew McGlashan wrote:
> We may see certificate stapling as an answer, but that won't be enough
> if it cannot be certified to /require/ stapling in the cert itself.
> There may be other solutions in time.
> You are right in saying that the whole certificate revocations model is
> flawed, but not as flawed as what Google is choosing to use in CRLset.
> Quite simply, Google's response to this problem is a joke.
It sounds like you've got a stinging itch there, so feel empowered to
go scratch it. I'm sure Google would be interested in a nice patch
set solving this problem once and for all.