Been testing out the free “Let’s Encrypt” certificates. I got a certificate for a web site I host. Then I revoked the certificate as one would do if the private key was stolen. However – chrome browser doesn’t do certificate revocation checking. At least it doesn’t for Let’s Encrypt. Firefox however does. Here’s the link to the site with a revoked cert:
If you get an error your browser is working. If you see the web site, it’s not. Cert was revoked the morning of October 4th,
I’m getting close to suing Google over their anti-http campaign. Here’s the link to my latest draft.
In https the ‘s’ stands for secure, so “Not secure” is a completely accurate description of http traffic.
Good luck with that lawsuit.
This isn’t news: I heard Steve Gibson speaking of this some time ago: https://revoked.grc.com
Great post. Great minds think alike.
obviously you have them scared: https://imgur.com/326CLyH
time to add a retaliation charge to the lawsuit
https://imgur.com/a/JfImV
That’s from Chrome 61 for OSX, is that not correct behavior?
Interesting. That’s not what I get.
Marc, interesting complaint. Thought provoking.
My observations, having been around the block a couple times.
The root of your argument is:
Google is stifling free speech (5 n) and Google is not a regulatory agency yet acting as one (5 m).
Your argument will fail, because:
As you correctly stated, Google is not a regulatory agency. Google is not any type of government agency, but a private business and therefore has no more weight of free speech than CNN, MSNBC, FOX, etc. BECAUSE…
Google can legally express IT’S freedom of speech any way it wants. And it wants to argue that your sites are insecure.
So here is how it will all fall out.
A) You sue google.
B) Google responds with a COUNTERSUIT and a GAG ORDER which a sympathetic judge will grant.
C) Google will pound you with mountains of very expensive legal filing and actions till you go away.
D) Lawsuit dies, and Google now owns your home and everything else for filing a false, libelous complaint against THEM.
Are you sure you want to do this??
If you do decide to sue Google, you MUST do these three things.
A) Place all your worldly possessions in an irrevocable trust.
B) Name me as the executor.
C) 🙂 !!
David vs. Goliath. I don’t think David is going to win these kind of fights, but it is nice to see Marc trying.
I tried safari (on a mac) and noted:
o no lock icon to view the certificate (due to mixed secure & insecure content)
o no obvious error messages (unless I bring up the console to view a couple errors like a missing favicon)
After using developer mode, I brought up an image that was secure.
o the lock icon was present
o clicking on the lock and viewing the certificate, it said it was valid.
Sigh.
Please Describe in 350 to 750 Words. The article is not As much long as required to get good information. But still the nice try.
Opera, which is built on the chrome base, sees the revocation.
Works fine in Firefox 56…
Sorry, I’m a strong proponet of HTTPS!
Working fine with Firefox. Mind sharing more details on the error?