Re: HOW to set “security.OCSP.require” in Google Chrome/Chromium?

To: debian-user@lists.debian.org
Subject: Re: HOW to set “security.OCSP.require” in Google Chrome/Chromium?
From: Camaleón <noelamac@gmail.com>
Date: Tue, 29 Mar 2011 18:09:57 +0000 (UTC)
Message-id: <[🔎] pan.2011.03.29.18.09.57@gmail.com>
References: <[🔎] 12ee85ff629.-4197556471305602939.7134313904128692473@zoho.com>

On Thu, 24 Mar 2011 07:58:46 -0700, johhny_at_poland77 wrote:

> https://blog.torproject.org/blog/detecting-certificate-authority-
compromises-and-web-browser-collusion
> 
> "Users of Mozilla Firefox that are concerned about this issue should
> enable security.OCSP.require in the about:config dialog."

But the full paragraph continues...

"(...) Users of Mozilla Firefox that are concerned about this issue 
should enable security.OCSP.require in the about:config dialog. The 
surveillance concerns of enabling OCSP are serious - a CA learns what 
sites you’re visiting. However, they are nullified by the fact that OCSP 
checking is enabled by default on Firefox at least; it simply doesn’t 
provide any security gains for the end user because when it fails, it 
fails open!"

So, finally there is no gain of having that key value enabled? :-?

> How can i enable this feature in Google Chrome/Chromium?

If we continue reading...

"(...) Google has already shipped a fix to users. Install the latest 
Firefox to get a patch, if you haven't already. A Tor Browser update is 
in the works and will be available soon."

So the fix was released, right?

Greetings,

-- 
Camaleón

Reply to:

References:
- HOW to set “security.OCSP.require” in Google Chrome/Chromium?
  - From: johhny_at_poland77 <johhny_at_poland77@zoho.com>

Prev by Date: Re: bind log
Next by Date: Re: Suggestion for a smartphone running natively LINUX? :)
Previous by thread: HOW to set “security.OCSP.require” in Google Chrome/Chromium?
Next by thread: Debian Freeze
Index(es):
- Date
- Thread