On Thu, 24 Mar 2011 07:58:46 -0700, johhny_at_poland77 wrote: > https://blog.torproject.org/blog/detecting-certificate-authority- compromises-and-web-browser-collusion > > "Users of Mozilla Firefox that are concerned about this issue should > enable security.OCSP.require in the about:config dialog."
But the full paragraph continues... "(...) Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog. The surveillance concerns of enabling OCSP are serious - a CA learns what sites you’re visiting. However, they are nullified by the fact that OCSP checking is enabled by default on Firefox at least; it simply doesn’t provide any security gains for the end user because when it fails, it fails open!" So, finally there is no gain of having that key value enabled? :-? > How can i enable this feature in Google Chrome/Chromium? If we continue reading... "(...) Google has already shipped a fix to users. Install the latest Firefox to get a patch, if you haven't already. A Tor Browser update is in the works and will be available soon." So the fix was released, right? Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.03.29.18.09...@gmail.com
