by LinuxBender 2757 days ago
Just a few years ago, almost nothing checked the revocation lists. I revoked certs for some popular domains and was concerned about ssl caches and proxies... turns out, an owl heard it. An odd dog barked. No impact. Not even from the folks that embedded our certs onto their servers for legacy code reasons. Perhaps this has changed over the last couple of years.
1 comments

Yep. But that's an implementation problem. Revocation is a critical security feature. Complaining that people didn't use to check it is like complaining that people didn't use to encrypt.

You're not secure if you don't check revocation.

I agree with this. For the record, I am not complaining. :-) I just like to share my experiences of how things worked versus how they were intended to work.