Reminder that webpki is still completely broken - now Google OCSP down http://clients1.google.com/ocsp Wonder if there is a targeted attack happening now
Replying to @letoams
Can you tell me precisely what http://clients1.google.com/ocsp is used for? I thought Chrome no longer used OCSP. What's the practical consequence of this service being down?
1 reply 1 retweet 0 likes -
Replying to @dangoodin001 @letoams
This is the OCSP responder for Google's CA. When an OCSP-using client (i.e. not Chrome) connects to a Google website, it will attempt to contact this OCSP responder to see if the certificate is revoked.
1 reply 0 retweets 4 likes -
If the client hard fails on OCSP errors, then the client won't be able to access Google websites. No mainstream browser hard fails by default, so the practical consequence is likely minimal. Some non-browser clients might hard fail on OCSP errors, but I don't know of any.
2 replies 0 retweets 1 like -
A frequent source of grief from these events is with web servers that perform OCSP stapling for their sites. When they are unable to refresh their OCSP data they stop serving.
1 reply 0 retweets 3 likes
Very true. But to be clear, the Google CA doesn't issue certificates to the general public, so that doesn't apply in this case.
Thanks for the clear info. Super helpful!
0 replies 0 retweets 0 likes
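The two behaviours discussed in the thread, a client that soft fails or hard fails when the responder is unreachable and a stapling server that cannot refresh its OCSP data, modelled as an added example that is not part of the thread or any participant's code. `OcspResponse` is a constructed stand-in for an already parsed and signature-verified response, and the 12-hour refresh margin and the choice to serve without a staple are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Callable, Optional, Tuple


class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"


@dataclass
class OcspResponse:
    """Constructed stand-in for a parsed, signature-verified OCSP response."""
    status: Status
    this_update: datetime
    next_update: datetime

    def is_current(self, now: datetime) -> bool:
        return self.this_update <= now < self.next_update


def client_accepts(resp: Optional[OcspResponse], now: datetime, hard_fail: bool) -> bool:
    """Client-side decision; resp is None when the responder was unreachable."""
    if resp is None or not resp.is_current(now):
        # Soft fail accepts the certificate with no usable answer;
        # hard fail rejects it, which turns a responder outage into a site outage.
        return not hard_fail
    return resp.status is Status.GOOD


def staple_for_handshake(
    cached: Optional[OcspResponse],
    fetch: Callable[[], OcspResponse],
    now: datetime,
    refresh_margin: timedelta = timedelta(hours=12),  # assumed value
) -> Tuple[Optional[OcspResponse], Optional[OcspResponse]]:
    """Server side: return (response to staple or None, updated cache)."""
    if cached is None or now >= cached.next_update - refresh_margin:
        try:
            cached = fetch()  # refresh ahead of expiry
        except OSError:
            pass  # responder down: keep the cached response
    if cached is not None and cached.is_current(now):
        return cached, cached
    # Nothing current to staple: keep serving without a staple (assumed policy)
    # instead of refusing connections.
    return None, cached
```

Refreshing well before `next_update` is what gives the server a window to ride out a responder outage on the cached response.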