Hacker News new | ask | show | jobs
by fastest963 4452 days ago
How many people are going to check that box under "Advanced Settings"? 0.1%?
2 comments
scrollaway 4452 days ago
Unlikely to be that high. The 0.1% that may dig in those advanced settings is likely the same 0.1% that disabled the thing back when it was enabled by default. CRLs are worthless.
link
fastest963 4452 days ago
Worthless except when your cert key is stolen and you want to revoke the old one?
link
sp332 4452 days ago
What good is it to revoke one, if it still works because no one checked the revocation list?
link
fastest963 4452 days ago
That's the whole point of me posting this...
link
iancarroll 4452 days ago
How are they worthless?
link
msherry 4452 days ago
They're worthless because clearly no one is using them. They may theoretically be useful, but it doesn't matter if they're never put into practice.
link
iancarroll 4452 days ago
Do you mean nobody on the CA side or the end user side? CA's suspend certificates all the time - instant e the scam site had theirs pulled a few weeks ago...
link
nullc 4452 days ago
Beyond being seldom used, they also leak usage information.
link
dfc 4452 days ago
If you are leaking usage information with ocsp/crl checks you are also spewing out information via DNS requests.
link
snogglethorpe 4452 days ago
Still, having that setting there means you can easily tell people to turn it on...
link