Google removes SSL certificate revocation checks

Google removes SSL certificate revocation checks

Companies will need to be more vigilant about checking their own SSL certificates, as Google's Chrome browser plans to remove certificate revocation checks from future versions. The company considers it to be a slow and inefficient process.

"An attacker who can intercept HTTPS connections can also make online revocation checks appear to fail and so bypass the revocation checks," Google security engineer Adam Langley said in a blog post. "So soft-fail revocation checks are like a seat-belt that snaps when you crash. Even though it works 99 percent of the time, it's worthless because it only works when you don't need it."

Google is replacing the check with a local list of revoked certificates that can be updated with restarting the browser. The delay times were apparently too much for this feature to be kept around by Google.

Even with all of this new security technology, companies need to make sure they stay on top of things such as PCI compliance and SSL certificates to stay safe in what can be the wild world of the internet.