Google to strip Chrome of SSL revocation checking

Discussion in 'other security issues & news' started by Dermot7, Feb 7, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Dec 20, 2009
    Surrey, England.
  2. vasa1

    vasa1 Registered Member

    May 1, 2010
    I don't understand most of it but the change seems to require reliance on the automatic update mechanism. I don't know how many Linux users will be thrilled since their Chrome installations don't have the Windows-type differential updating system. Each Linux update is a download of the full install.
  3. elapsed

    elapsed Registered Member

    Apr 5, 2004
    I'm not sure how it makes sense to remove something that "works 99% of the time" for a "300 millisecond" advantage. I thought the whole point of certificate checking was so that you DIDN'T need to download a list of certificates, it was maintained and updated "in the cloud".

    The first comment by a "Contributing Writer" is interesting:

  4. Hungry Man

    Hungry Man Registered Member

    May 11, 2011
    "Works 99% of the time, but only when you don't need it." Did you just miss the second half of the sentence?

    The user who posted that is correct though, it should just stop being a soft-failure.

    EDIT: That said, Google and other critics of the system make good points - it really isn't that useful and cutting a full second off of page load times is a fairly big deal. Still months away so we'll see how it all turns out.
  5. J_L

    J_L Registered Member

    Nov 6, 2009
    So they're aiming for faster surfing and updating of CA's?
  6. m00nbl00d

    m00nbl00d Registered Member

    Jan 4, 2009
    It has already happened to Chromium. Newest builds come with Check for server certificate revocation deselected. The browser now downloads a Certificate Revocation Lists file, which is stored in the browser profile.

    To be honest, I prefer this approach. I've set a few different Chromium profile, specially for accessing my e-mail accounts, on the different services, and I've restricted communications only to the e-mail servers and nothing else. This included excluding communication with the CAs. This move by Google comes in hand. :D
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.