Confirmed users, Administrators
5,526
edits
CA:ImprovingRevocation: Difference between revisions
Jump to navigation
Jump to search
m
→Current Problems to Solve
| Line 3: | Line 3: | ||
This page is dedicated to improving how Firefox does revocation checking of SSL certificates. | This page is dedicated to improving how Firefox does revocation checking of SSL certificates. | ||
== | == Problems to Solve == | ||
Here are some of the issues that we hope to address very soon. | Here are some of the issues that we hope to address very soon. | ||
| Line 11: | Line 11: | ||
* Poor Performance: Revocation checking through OCSP and CRL requests is way too slow. | * Poor Performance: Revocation checking through OCSP and CRL requests is way too slow. | ||
* Poor Usability: Many captive portals with HTTPS login pages work very poorly in Firefox because we stall for 30+ seconds waiting for the OCSP response for the captive portal that is being blocked by the captive portal until you log in. | * Poor Usability: Many captive portals with HTTPS login pages work very poorly in Firefox because we stall for 30+ seconds waiting for the OCSP response for the captive portal that is being blocked by the captive portal until you log in. | ||
* Confusing UX for EV certificates: If we fail to get revocation information via OCSP/CRL fetching for an EV certificate, then we do not show the certificate as an EV certificate. This is particularly problematic for cases when a web app is designed to be used offline (e.g. using AppCache), but even normal websites like paypal.com are affected by this. This inconsistency in the security indicators devalues the security indicators. | * Confusing UX for EV certificates: If we fail to get revocation information via OCSP/CRL fetching for an EV certificate, then we do not show the certificate as an EV certificate. This is particularly problematic for cases when a web app is designed to be used offline (e.g. using AppCache), but even normal websites like paypal.com are affected by this. This inconsistency in the security indicators devalues the security indicators. | ||
== Changes '''In Progress''' == | == Changes '''In Progress''' == | ||