* Marcus Brinkmann:

> Certainly the privacy concern that Google expresses "because the CA
> learns the IP address of users and which sites they're visiting" does
> not extend to Google itself, which already has much more detailed
> information about its users.

The CRL check is also done locally (but some other security checks aren't, admittedly). And someone at Symantec actually looks at the OCSP logs:

<http://www.symantec.com/connect/blogs/more-two-billion-ocsp-lookups-single-day>

Unfortunately, CRLs have the same flaw as OCSP: it is impossible to recover from most CA process failures because the CRL does not actually pin down certificate contents and it is possible to have a collision with a practically irrevocable certificate.
