[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Extended Validation certificates and cross-site scripting

Extended Validation certificates and cross-site scripting

Posted Mar 13, 2008 6:45 UTC (Thu) by grahammm (guest, #773)
Parent article: Extended Validation certificates and cross-site scripting 

Maybe as soon as a site is detected as having a (potential) XSS vulnerability, the CA should
revoke the EV certificate. But then do all browsers consult the CRLs?

to post comments

Extended Validation certificates and cross-site scripting

Posted Mar 13, 2008 11:01 UTC (Thu) by cortana (subscriber, #24596) [Link] 

AFAIK, no browsers bother to consult CRLs unless the user spends a lot of time configuring a
CRL for each embedded CA certificate that the browser ships with. Making the whole X.509 PKI
fairly useless in practice.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds