Re: HOW to set “security.OCSP.require” in Google Chrome/Chromium?
On Thu, 24 Mar 2011 07:58:46 -0700, johhny_at_poland77 wrote:
> https://blog.torproject.org/blog/detecting-certificate-authority-
compromises-and-web-browser-collusion
>
> "Users of Mozilla Firefox that are concerned about this issue should
> enable security.OCSP.require in the about:config dialog."
But the full paragraph continues...
"(...) Users of Mozilla Firefox that are concerned about this issue
should enable security.OCSP.require in the about:config dialog. The
surveillance concerns of enabling OCSP are serious - a CA learns what
sites you’re visiting. However, they are nullified by the fact that OCSP
checking is enabled by default on Firefox at least; it simply doesn’t
provide any security gains for the end user because when it fails, it
fails open!"
So, finally there is no gain of having that key value enabled? :-?
> How can i enable this feature in Google Chrome/Chromium?
If we continue reading...
"(...) Google has already shipped a fix to users. Install the latest
Firefox to get a patch, if you haven't already. A Tor Browser update is
in the works and will be available soon."
So the fix was released, right?
Greetings,
--
Camaleón
Reply to: