On Thu, Mar 24, 2011 at 07:58:50AM -0700, johhny_at_poland77 wrote: > https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion > > "Users of Mozilla Firefox that are concerned about this issue should > enable security.OCSP.require in the about:config dialog." > > How can i enable this feature in Google Chrome/Chromium?
You also posted http://www.mail-archive.com/debian-user@lists.debian.org/msg595454.html and probably posted http://superuser.com/questions/261746/security-ocsp-require-in-google-chrome, http://superuser.com/questions/261420/security-ocsp-require-in-google-chrome and the questions that were merged into these. Don't be rude, and do ask the proper people. I don't think there is currently a way to do what you want, but you could file a bug with chrome/chromium. Make sure it's a useful one, though. Finally, note that what you're trying to do is pretty useless - the CA system has plenty of other holes. Make sure to understand them before kicking up a fuss about a blog post that I'm sure the chrome/chromium security people have read too. Joachim
