Google to strip Chrome of SSL revocation checking

Discussion in 'other security issues & news' started by Dermot7, Feb 7, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  2. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    I don't understand most of it but the change seems to require reliance on the automatic update mechanism. I don't know how many Linux users will be thrilled since their Chrome installations don't have the Windows-type differential updating system. Each Linux update is a download of the full install.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I'm not sure how it makes sense to remove something that "works 99% of the time" for a "300 millisecond" advantage. I thought the whole point of certificate checking was so that you DIDN'T need to download a list of certificates, it was maintained and updated "in the cloud".

    The first comment by a "Contributing Writer" is interesting:

     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    "Works 99% of the time, but only when you don't need it." Did you just miss the second half of the sentence?

    The user who posted that is correct though, it should just stop being a soft-failure.

    EDIT: That said, Google and other critics of the system make good points - it really isn't that useful and cutting a full second off of page load times is a fairly big deal. Still months away so we'll see how it all turns out.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    So they're aiming for faster surfing and updating of CA's?
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It has already happened to Chromium. Newest builds come with Check for server certificate revocation deselected. The browser now downloads a Certificate Revocation Lists file, which is stored in the browser profile.

    To be honest, I prefer this approach. I've set a few different Chromium profile, specially for accessing my e-mail accounts, on the different services, and I've restricted communications only to the e-mail servers and nothing else. This included excluding communication with the CAs. This move by Google comes in hand. :D
     
Loading...
Thread Status:
Not open for further replies.