PC World

The Decision to Strip Online Certificate Revocation Checks From Chrome Is Misguided, Symantec Says

Stripping OCSP (Online Certificate Status Protocol) and CRL (certificate revocation list) checks from Google Chrome could have dangerous implications because it will turn Google into a single point of ...
Ars Technica

Two-tier OpenSSL PKI: how to revoke IntermediateCA when RootCA is airgapped?

I'm trying to set up a basic OpenSSL two-tier PKI but I'm not understanding how CRLs work in an airgapped RootCA; how can I revoke an IntermediateCA in a way that everyone knows it has been revoked?
Network World

Fitting OCSP into your Certificate Infrastructure

X.509 Digital certificates are used in a variety of security protocols to provide identity management. X.509 Digital certificates are used in a variety of security protocols to provide identity ...
Finextra

Data security in fintech: from TLS to ALE

Recently, after reading a great engineering blog post on OCSP and CRL verifiers in Go, and after further discussion in the community, I’ve got an insight that made me really gloomy. Mass of projects ...
Threat Post

Firefox 37 to Include New OneCRL Certificate Blocklist

The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new ...