Hacker News new | ask | show | jobs
by scrollaway 4452 days ago
Unlikely to be that high. The 0.1% that may dig in those advanced settings is likely the same 0.1% that disabled the thing back when it was enabled by default. CRLs are worthless.
2 comments
fastest963 4452 days ago
Worthless except when your cert key is stolen and you want to revoke the old one?
link
sp332 4452 days ago
What good is it to revoke one, if it still works because no one checked the revocation list?
link
fastest963 4452 days ago
That's the whole point of me posting this...
link
iancarroll 4452 days ago
How are they worthless?
link
msherry 4452 days ago
They're worthless because clearly no one is using them. They may theoretically be useful, but it doesn't matter if they're never put into practice.
link
iancarroll 4452 days ago
Do you mean nobody on the CA side or the end user side? CA's suspend certificates all the time - instant e the scam site had theirs pulled a few weeks ago...
link
nullc 4452 days ago
Beyond being seldom used, they also leak usage information.
link
dfc 4452 days ago
If you are leaking usage information with ocsp/crl checks you are also spewing out information via DNS requests.
link