How certificate revocation (doesn’t) work in practice
May13
on May 13, 2013
at 11:15 am
Posted In: Uncategorized
Certificate revocation is intended to convey a complete withdrawal of trust in an SSL certificate and thereby protect the people using a site against fraud, eavesdropping, and theft. However, some contemporary browsers handle certificate revocation so carelessly that the most frequent users of a site and even its administrators can continue using an revoked certificate […]
Comment