Revocation Confusion
7 hours ago
- #SSL Certificates
- #Browser Security
- #Web Standards
- Different browsers handle revoked SSL certificates differently, causing inconsistent user experiences.
- Firefox shows a security warning for revoked certificates, while Chrome may ignore the revocation.
- A revoked certificate indicates that the website owner no longer considers it safe for encryption.
- OCSP (Online Certificate Status Protocol) and CRLs (certificate revocation lists) are methods to check certificate revocation, but both have privacy and performance issues.
- Chrome uses CRLSets, and Firefox is moving to CRLite for more efficient revocation checks.
- Let’s Encrypt is phasing out OCSP in favor of CRLs and shorter certificate lifetimes.
- Flair Airlines' website had a revoked certificate, leading to access issues for some users.
- Better security warnings and browser consistency are needed for improved user experience.