Chrome browser users have to tag “Check for server certificate revocation” in advanced settings themselves, because Google Chrome as by default will keep users in the dark about quite some amount of recently revoked certificates: http://news.netcraft.com/archives/2014/04/18/chrome-users-oblivious-to-heartbleed-revocation-tsunami.html link article author = John Graham-Cumming.
I did install Chromebleed in Google Chrome to be aware during the Heartbleed Revocation tsunami (e.g. from Cloudflare etc.). Netcraft Extension will also inform users or the LastPass Heartbleed checker. Still a lot of Heartbleed insecurity out there, be aware and check them out.
Enabled the settings and no more noisiness as usual in fx and chrome. So noisiness apparently was not the reason for not passing these alerts on and for sending them to digital oblivion. This smells of “security through obscurity” tactics. Keeping information away from users is not the way to establish user confidence. Think what damage it did while the heartbleed issue was kept from the public. When such damage has been done, it will be so much harder to regain confidence.
Because of the specific way in which Google Chrome checks SSL Certificates the default setting like bob3160 gives as advice, may be the better alternative.
Read here why bob3160 shares with us the latest insights from Google-engineer Adam Langley: https://www.imperialviolet.org/2014/04/19/revchecking.html
Well, bob3160, I didn’t know that you were sitting on the latest and hottest Google Chrome SSL-security insights.
I am impressed,
