On 08/23/12 20:05, Ted Unangst wrote:
> On Thu, Aug 23, 2012 at 13:12, Ryan Kirk wrote:
>> One thing I've never understood is that if you're MITM'd, what good is
>> a cert revocation going to do? The proxying individual can easily
>> block access to the revocation lists, and your browser be none the
>> wiser.
>
> hahaha, I've seen exactly one program complain about being unable to
> contact the revocation server. The fucking java auto updater on
> windows for some reason can never make contact.

You could set security.OCSP.require to true in about:config in firefox. The result is hilarious... (well, it was for me ~1.5 years ago, never tried it again.)

