Wednesday, November 23, 2016

Fossa Guard V0.2.2. Call for OCSP support

Fossa Team has updated Fossa Guard to V0.2.2 following requests from our users about the extension hanging while working with certificates issued by cacert.org.

A small investigation of the Certificate Revocation Lists (CRLs) available at https://isc.sans.edu/crls.html showed that CAcert's CRL is the biggest one, at around 8Mb.

It contains certificates revoked since 2002, which looks reasonable only if there are certificates issued for 14+ years that have a high probability of being revoked.

Unfortunately, it is not practical to handle such big CRLs in the browser, so we limited the size of supported CRLs to 512Kb to avoid time-consuming download and decoding.
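One way to enforce such a limit, as an added example that is not Fossa Guard's own code: the cap is checked against the declared Content-Length and again against the bytes actually streamed, since the header can be absent. The names `MAX_CRL_BYTES`, `CrlTooLargeError`, `checkDeclaredLength`, `CappedBuffer` and `fetchCrlCapped` are hypothetical.

```javascript
// Added example; all names here are assumptions, not Fossa Guard code.
const MAX_CRL_BYTES = 512 * 1024; // the 512Kb limit stated in the post
class CrlTooLargeError extends Error {}

// Reject early when the server declares a size above the cap. A missing
// header proves nothing, so the streamed byte count is still enforced.
function checkDeclaredLength(headerValue, maxBytes = MAX_CRL_BYTES) {
  const n = Number(headerValue);
  if (headerValue != null && Number.isInteger(n) && n > maxBytes) {
    throw new CrlTooLargeError(`declared ${n} bytes > cap ${maxBytes}`);
  }
}

// Accumulates body chunks and fails as soon as the cap is crossed, so an
// oversized CRL is never fully buffered or handed to the decoder.
class CappedBuffer {
  constructor(maxBytes = MAX_CRL_BYTES) {
    Object.assign(this, { maxBytes, chunks: [], length: 0 });
  }
  push(chunk) {
    if (this.length + chunk.byteLength > this.maxBytes) {
      throw new CrlTooLargeError(`body exceeds cap ${this.maxBytes}`);
    }
    this.chunks.push(chunk);
    this.length += chunk.byteLength;
  }
  bytes() {
    const out = new Uint8Array(this.length);
    let offset = 0;
    for (const c of this.chunks) { out.set(c, offset); offset += c.byteLength; }
    return out;
  }
}

// Streaming download with the standard fetch and AbortController APIs.
async function fetchCrlCapped(url, maxBytes = MAX_CRL_BYTES) {
  const ctl = new AbortController();
  const res = await fetch(url, { signal: ctl.signal });
  try {
    checkDeclaredLength(res.headers.get("content-length"), maxBytes);
    const buf = new CappedBuffer(maxBytes);
    const reader = res.body.getReader();
    for (;;) {
      const { done, value } = await reader.read();
      if (done) return buf.bytes();
      buf.push(value);
    }
  } finally {
    ctl.abort(); // on any exit, stop the transfer rather than drain it
  }
}
```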

So it looks like there is a strong request to implement Online Certificate Status Protocol (OCSP) support in new versions of Fossa Guard, making it possible to check whether a single certificate has been revoked.



