On Thu, 24 Mar 2011 07:58:46 -0700, johhny_at_poland77 wrote:
https://blog.torproject.org/blog/detecting-certificate-authority-
compromises-and-web-browser-collusion
Users of Mozilla Firefox that are concerned about this issue should
enable security.OCSP.require in the about:config dialog.
But the full paragraph continues...
(...) Users of Mozilla Firefox that are concerned about this issue
should enable security.OCSP.require in the about:config dialog. The
surveillance concerns of enabling OCSP are serious - a CA learns what
sites you’re visiting. However, they are nullified by the fact that OCSP
checking is enabled by default on Firefox at least; it simply doesn’t
provide any security gains for the end user because when it fails, it
fails open!
So, finally there is no gain of having that key value enabled? :-?
How can i enable this feature in Google Chrome/Chromium?
If we continue reading...
(...) Google has already shipped a fix to users. Install the latest
Firefox to get a patch, if you haven't already. A Tor Browser update is
in the works and will be available soon.
So the fix was released, right?
Greetings,
--
Camaleón
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2011.03.29.18.09...@gmail.com