28 points | by mcpherrinm 3 hours ago ago
9 comments
https://badssl.com/ also offers several test subdomains in the same vein.
Interesting. Chrome (146, macOS) shows no error messages on the revoked cert pages, but Firefox does (also macOS).
Yeah, Chrome only partly supports revocation (Not sure exactly the criteria, but our test sites don't match it).
Same with Brave, so it is a Chromium thing.
Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked
> Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked
Firefox Beta (150.0b7) is accepting all of the revoked certs on my device
Meanwhile HTTP keeps working just fine and is decentralized.
Just "add your own crypto" on top, which is the ONLY thing a sane person would do.
3... 2... 1... banned?
Did you self-ban?
XD Nope, more like self destruct! ;)
https://badssl.com/ also offers several test subdomains in the same vein.
Interesting. Chrome (146, macOS) shows no error messages on the revoked cert pages, but Firefox does (also macOS).
Yeah, Chrome only partly supports revocation (Not sure exactly the criteria, but our test sites don't match it).
Same with Brave, so it is a Chromium thing.
Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked
> Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked
Firefox Beta (150.0b7) is accepting all of the revoked certs on my device
Meanwhile HTTP keeps working just fine and is decentralized.
Just "add your own crypto" on top, which is the ONLY thing a sane person would do.
3... 2... 1... banned?
Did you self-ban?
XD Nope, more like self destruct! ;)