|
Extended Validation certificates and cross-site scriptingExtended Validation certificates and cross-site scriptingPosted Mar 13, 2008 6:45 UTC (Thu) by grahammm (subscriber, #773)Parent article: Extended Validation certificates and cross-site scripting
Maybe as soon as a site is detected as having a (potential) XSS vulnerability, the CA should revoke the EV certificate. But then do all browsers consult the CRLs?
(Log in to post comments)
Extended Validation certificates and cross-site scripting Posted Mar 13, 2008 11:01 UTC (Thu) by cortana (subscriber, #24596) [Link] AFAIK, no browsers bother to consult CRLs unless the user spends a lot of time configuring a CRL for each embedded CA certificate that the browser ships with. Making the whole X.509 PKI fairly useless in practice.
|
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.