Hard Fail OCSP in Comodo Dragon.

Do you guys want a Hard Fail OCSP in Dragon?

What is this? :slight_smile:
Can you explain a little bit more?

It’s much needed in upstream Chromium as well.

Firefox has it and it's quite useful. What a hard fail on OCSP would be is that if an OCSP check fails, the SSL connection is not made.

More details here;

And I’d say ‘yes please’ :-TU

It is surely an interesting security feature, but won’t it slow down Dragon too much?

In Firefox, it looks like in the attached image.

No, it's a small request that doesn’t return a large amount of data. It’s much quicker than checking the Certificate Revocation List as these can be SEVERAL KBs whereas OCSP can be done in as little as 1 second.

not sure if FF has it tbh…
to my knowledge no browser has it…

no slowdown…

Boris3 posted an image in the post above my previous one which shows the option which I believe you to be speaking of. It says: “When an OCSP server connection fails, treat the certificate as invalid”. Is this not what you speak of? As I understand it, this is a ‘hard fail’. If this is not what you meant by ‘hard fail’, I am curious to know what you consider to be ‘hard fail’ for OCSP?

Firefox has had this feature since version 2. It’s very useful, providing it’s optional, as it can be mildly irritating if, for whatever reason, the OCSP server is not contactable. I mentioned this here

yes you are right…thx…

+1 for the extra security it will bring. :-TU