Thomas D. posted on Thu, 07 Nov 2013 02:00:29 +0100 as excerpted: > Duncan wrote: >> Meanwhile, another question for Thomas. Is this "certificate stapling" >> the same thing google chrome is now doing for the google site, that >> enabled it to detect the (I think it was) Iranian and/or Chinese CA >> tampering, allowing them to say a "google" cert was valid that was >> actually their MitM cert, as appeared in the tech-news a few months >> ago? Or was that something different? > > No, OCSP Stapling is something else. > > Guess you are talking about HSTS and "SSL pinning" [1,2]: In Google > Chrome, they hard coded some certificates/certificate meta data [3] > which must be present in every certificate used for any Google site.
That was it, yes. Thanks greatly for clearing up my confusion. =:^) -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman