* Home Help Search Login Register  

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 24, 2013, 05:42:15 PM

Login with username, password and session length

664002 Posts
70623 Topics
145254 Members
Latest Member: ErlindaAnnalise

more news...
Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Security Products & Services
| |-+  Comodo Dragon - CD
| | |-+  News / Announcements / Feedback - CD
| | | |-+  Hard Fail OCSP in Comodo Dragon.		 « previous next »
Pages: [1] Go Down Print
Author Topic: Hard Fail OCSP in Comodo Dragon.  (Read 6069 times)
Melih
CEO - Comodo
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 12914



WWW
« on: August 29, 2011, 04:21:02 PM »
Do you guys want a Hard Fail OCSP in Dragon?
Logged
Who is Melih? What is he trying to do?  -- Follow me on Twitter
morphiusz
Star Group
Comodo's Hero
*****
Offline Offline

Posts: 2197


Comodo's śmieć :)


WWW
« Reply #1 on: August 29, 2011, 04:26:10 PM »
What is this?Smiley
Can you exaplain a little more bit?
Logged
Sal Amander
Comodo Staff
Comodo's Hero
*****
Offline Offline

Posts: 607



WWW
« Reply #2 on: August 29, 2011, 05:09:11 PM »
Quote from: morphiusz on August 29, 2011, 04:26:10 PM
What is this?Smiley
Can you exaplain a little more bit?

It's much needed in upstream Chromium as well.

Firefox has it and its quite useful. What a hard fail on OCSP would be that if an OCSP check fails, the SSL connection is not made.
Logged
Ronny
Product Translator
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 13184


Volunteer Moderator
« Reply #3 on: August 29, 2011, 05:11:22 PM »
More details here;
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

And I'd say 'yes please'  Thumb Up
Logged
Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy -  update Jan 3rd 2013!
Boris 3
Comodo's Hero
*****
Offline Offline

Posts: 1284
« Reply #4 on: August 29, 2011, 05:18:18 PM »
It is surely an interesting security feature, but won't it slowdown Dragon too much?

In Firefox, it looks like in the attached image.

* UeDXh.png (13.45 KB, 549x206 - viewed 63 times.)
Logged
Sal Amander
Comodo Staff
Comodo's Hero
*****
Offline Offline

Posts: 607



WWW
« Reply #5 on: August 29, 2011, 05:56:11 PM »
Quote from: Boris 3 on August 29, 2011, 05:18:18 PM
It is surely an interesting security feature, but won't it slowdown Dragon too much?
No, its a small request that doesn't return a large amount of data. It's much quicker than checking the Certificate Revocation List as these can be SEVERAL KBs where as OCSP can be done in as little as 1 second.
Logged
Melih
CEO - Comodo
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 12914



WWW
« Reply #6 on: August 29, 2011, 07:56:56 PM »
Quote from: Sal Amander on August 29, 2011, 05:09:11 PM
It's much needed in upstream Chromium as well.

Firefox has it and its quite useful. What a hard fail on OCSP would be that if an OCSP check fails, the SSL connection is not made.

not sure if FF has it tbh..
to my knowledge no browser has it...
Logged
Who is Melih? What is he trying to do?  -- Follow me on Twitter
Melih
CEO - Comodo
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 12914



WWW
« Reply #7 on: August 29, 2011, 07:57:33 PM »
Quote from: Boris 3 on August 29, 2011, 05:18:18 PM
It is surely an interesting security feature, but won't it slowdown Dragon too much?

In Firefox, it looks like in the attached image.

no slowdown..
Logged
Who is Melih? What is he trying to do?  -- Follow me on Twitter
Sal Amander
Comodo Staff
Comodo's Hero
*****
Offline Offline

Posts: 607



WWW
« Reply #8 on: August 29, 2011, 10:06:03 PM »
Quote from: Melih on August 29, 2011, 07:56:56 PM
not sure if FF has it tbh..
to my knowledge no browser has it...

Boris3 posted a image in the post above my previous one which shows the option of which I believe you to be speaking of. It says:  "When an OCSP server connection fails, treat the certificate as invalid". Is this not what you speak of? As I understand this to be a 'hard fail'. If this is not what you meant by 'hard fail', I am curious to know what you consider to be 'hard fail' for OCSP?
Logged
Radaghast
Star Group
Comodo's Hero
*****
Online Online

Posts: 4039
« Reply #9 on: August 29, 2011, 10:21:15 PM »
Firefox has had this feature since version 2. It's very useful, providing it's optional, as it can be mildly irritating, if, for what ever reason, the OCSP server is not contactable. I mentioned this here
Logged
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”
Melih
CEO - Comodo
Administrator
Comodo's Hero
*****
Offline Offline

Posts: 12914



WWW
« Reply #10 on: August 30, 2011, 08:22:29 AM »
Quote from: Radaghast on August 29, 2011, 10:21:15 PM
Firefox has had this feature since version 2. It's very useful, providing it's optional, as it can be mildly irritating, if, for what ever reason, the OCSP server is not contactable. I mentioned this here

yes you are right..thx..
Logged
Who is Melih? What is he trying to do?  -- Follow me on Twitter
EricJH
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 16721
« Reply #11 on: September 01, 2011, 04:59:42 PM »
+1 for the extra security it will bring. Thumb Up
Logged
Please read: Introduction to the 5.x Sandbox
With CIS v4 my p2p client (uTorrent, e Mule...) is not working properly anymore
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 0.051 seconds with 22 queries.
Powered by SMF 1.1.18 | SMF © 2006, Simple Machines Design by 7dana.com