FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 03-24-2011, 01:58 PM
johhny_at_poland77
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

"Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."

How can i enable this feature in Google Chrome/Chromium?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 12ee85ff629.-4197556471305602939.7134313904128692473@zoho.com"> http://lists.debian.org/12ee85ff629.-4197556471305602939.7134313904128692473@zoho.com
 
Old 03-24-2011, 01:58 PM
johhny_at_poland77
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

"Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."

How can i enable this feature in Google Chrome/Chromium?

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 03-24-2011, 01:58 PM
johhny_at_poland77
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

"Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."

How can i enable this feature in Google Chrome/Chromium?


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-24-2011, 05:15 PM
NoOp
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

On 03/24/2011 07:58 AM, johhny_at_poland77 wrote:
> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
>
> "Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."
>
> How can i enable this feature in Google Chrome/Chromium?
>
>

chrome://settings/advanced
Security
Manage Certificates...
Check for server certificate revocation



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-24-2011, 05:29 PM
Bruno Wolff III
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

On Thu, Mar 24, 2011 at 07:58:48 -0700,
johhny_at_poland77 <johhny_at_poland77@zoho.com> wrote:
> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
>
> "Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."
>
> How can i enable this feature in Google Chrome/Chromium?

about:config is a URL that you can visit. You can then click on the
the setting to modify it's value. You can also type in a pattern to use
as a filter so that there are less settings shown.

Depnding on what you are really worried about, you might be better off totally
disabling the checking the bad certificate list instead of bothering to
have the black list block access to web pages. Sending all of the certifictes
you visit to the CA to verify may be a bigger security risk than being
tricked into visiting a web page with an incorrectly issued certificate.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 03-24-2011, 06:10 PM
Bruno Wolff III
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

On Thu, Mar 24, 2011 at 14:16:49 -0430,
Patrick O'Callaghan <pocallaghan@gmail.com> wrote:
>
> Wierd advice IMHO. There are a number of practical reasons for not
> checking CRLs (Certificate Revocation Lists) all the time, but sending
> cert serial numbers to the CA is not among them. The serial number is
> not secret information (neither is the cert itself of course). If you
> don't trust the CA, then better disable certs entirely, not just CRL
> checking.

Sending the serial number to the CA allows the CA to guess (with high
probability of being correct) that you are visiting the web page that
they sold the certificate for. This information can be resold to other
companies for marketing purposes (or other reasons). If there is any
money in this, I wouldn't expect Verisign to pass the opportunity up based
on other similar stuff they have done.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 03-24-2011, 06:46 PM
Bruno Wolff III
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

On Thu, Mar 24, 2011 at 15:12:56 -0430,
Patrick O'Callaghan <pocallaghan@gmail.com> wrote:
>
> Even if that's true, it doesn't belie what I just said. If you don't
> trust the CA, don't use their services at all.

There is a difference between trusting them to certify a site and to not
resell data about you. Some people may trust them for one of these but
not the other. But for the record I do remove the certificates in firefox
as the certification of some CA who talked a browser manufacturer into
including their certs doesn't provide significant weight with me.

> There does not exist, and never can exist, a means of securing
> communication between two parties that don't trust each other unless
> they both decide to place some level of trust in a third party. CAs are
> just one way to do that (and clearly they need to get their act
> together). Web-of-trust mechanisms are another but I don't know of any
> mainstream browsers that support them.

Web of trust is better than hierarchical for general use. But also it would
be have been nice if browsers were design to help you make sure you are
communicating with the same entity as the last time. (Sort of like how ssh
does things.) For cert changes, one could sign new certs with the old ones.
The current warning system is more like a protection racket that a security
system.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 03-25-2011, 02:42 PM
MR ZenWiz
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

On Thu, Mar 24, 2011 at 11:15 AM, NoOp <glgxg@sbcglobal.net> wrote:
> On 03/24/2011 07:58 AM, johhny_at_poland77 wrote:
>> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
>>
>> "Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."
>>
>> How can i enable this feature in Google Chrome/Chromium?
>>
>
> chrome://settings/advanced

Or <wrench>->Preferences->Under the Hood - easier for the average
non-expert in Chrome....

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-25-2011, 03:19 PM
johhny_at_poland77
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

So if i tick the "Check for server certificate revocation" then the OCSP will be enforced? if "OCSP" fails, the site will not load? :O

THANK YOU!

---- Be Fri, 25 Mar 2011 08:42:39 -0700 MR ZenWiz *rta ----

>On Thu, Mar 24, 2011 at 11:15 AM, NoOp wrote:
>> On 03/24/2011 07:58 AM, johhny_at_poland77 wrote:
>>> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
>>>
>>> "Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."
>>>
>>> How can i enable this feature in Google Chrome/Chromium?
>>>
>>
>> chrome://settings/advanced
>
>Or ->Preferences->Under the Hood - easier for the average
>non-expert in Chrome....
>
>--
>ubuntu-users mailing list
>ubuntu-users@lists.ubuntu.com
>Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 03-25-2011, 03:35 PM
James Smith
 
Default HOW to set “security.OCSP.require” in Google Chrome/Chromium?

Yes, it will warn you.

On Fri, Mar 25, 2011 at 5:19 PM, johhny_at_poland77 <johhny_at_poland77@zoho.com> wrote:

So
if i tick the "Check for server certificate revocation" then the OCSP
will be enforced? if "OCSP" fails, the site will not load? :O



THANK YOU!



---- Be Fri, 25 Mar 2011 08:42:39 -0700 MR ZenWiz **rta ----



>On Thu, Mar 24, 2011 at 11:15 AM, NoOp *wrote:

>> On 03/24/2011 07:58 AM, johhny_at_poland77 wrote:

>>> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion


>>>

>>> "Users of Mozilla Firefox that are concerned about this
issue should enable security.OCSP.require in the about:config dialog."

>>>

>>> How can i enable this feature in Google Chrome/Chromium?

>>>

>>

>> chrome://settings/advanced

>

>Or ->Preferences->Under the Hood - easier for the average

>non-expert in Chrome....

>

>--

>ubuntu-users mailing list

>ubuntu-users@lists.ubuntu.com

>Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

>





--

ubuntu-users mailing list

ubuntu-users@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 05:11 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org