"we updated Chrome’s certificate revocation metadata immediately to block that i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		knowitall on Dec 8, 2013 \| parent \| context \| favorite \| on: Further improving digital certificate security "we updated Chrome’s certificate revocation metadata immediately to block that intermediate CA" Dumb question, why then does Chrome on my computer show "Google Chrome is up to date."? Shouldn't there be an update ready? Or is there a different (silent) way to update certificates?

Strom on Dec 8, 2013 [–]

Revocations can be checked via OCSP. [1] Chrome probably has an alternative system as well.

[1] http://en.wikipedia.org/wiki/Online_Certificate_Status_Proto...

robertduncan on Dec 8, 2013 | [–]

Chrome uses CRLsets:

https://twitter.com/agl__/status/409687123659214851 http://dev.chromium.org/Home/chromium-security/crlsets

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact