
Post-Heartbleed, the right way to go is for all browsers to deny HTTPS access in case the OCSP check fails, not just ignore the failure. The CAs are those who should scramble to fix whatever doesn't work. Captive networks have to be configured to allow CA access, or just disallow HTTPS.


Exactly. If access to a CA is blocked it is not good and I want a big red warning sign in my browser. What Chrome is doing with their high-profile website revocation by browser update is all bullshit.



