CA:ImprovingRevocation: Difference between revisions



Here are some of the issues that we hope to address very soon.
* User preferences for revocation checking can be overridden or turned off by a malicious actor who is trying to use a revoked certificate to attack a browser.
* Currently, revocation of intermediate certificates is only checked during EV validation. Sadly, the intermediates we do check revocation for (EV) are the ones that are the least likely to cause our users security problems.
* The CA learns the IP address, location, a subset of the user's browsing history, and other sensitive information about the user through the OCSP requests sent to its servers.