Google has revealed that it is pondering over the idea of removing online certification revocation checks from the forthcoming versions of its Chrome browser.
The move has been proposed by the company as such mandatory checks eventually slow down the browsing experience of the user. It further stated that the changes will be applicable to all future versions of Google Chrome.
Browsers generally check whether their SSL certification has been cancelled or not by the concerned Certificate issuing authorities every time they make an attempt to establish an HTTPS connection. These checks are conducted by inquiring CA-operated servers, with the help of a protocol called OCSP (Online Certificate Status Protocol).
It is usually seen that due to some technology goof-ups in these validation servers, often the browsers fail to connect with the CA servers. Until and unless the browser successfully establishes a connection with the servers, the site does not appear on the users screen.
Apart from this, there are also risks of hackers intruding the HTTPS connections and generating false messages that depict failure of online revocation checks. "An attacker who can intercept HTTPS connections can also make online revocation checks appear to fail and so bypass the revocation checks," Adam Langley, Google security engineer, stated in a blog post.
In case a CA server has broken down, it is impossible to conduct online certification revocation checks. As a result of this, some network error occurs, which leads to user inconvenience. This phenomenon is termed as soft-fail.
Google is planning to implement a local list of all the revoked certificates and will regularly update that list through an update process.