It might be ok if used in addition to checking revocation lists. However why should a bank get to have their certificate in the crlset but a saas provider not? Or do you really trust Google there?
Frankly Adam doesn't really believe revocation is pointless. If he did, he wouldn't even suggest that sending a valuable subset of certificates to the browser in a batch is any sort of solution at all. All that does, though, is create a two-class secure internet: those entities Google deems worth distributing revocation information for and those not. That isn't a solution to anything.
So is getting a subset of revoked certs Google deems "valuable." In fact, that may be even more dangerous since it establishes first class secure sites vs everyone else.
Why should Yahoo's cert revocatins get in the CRLsets but not less well known sites? How is that less broken than online revocation?
Keep in mind, my big objection is:
Google did not distribute our certificate vocation in their CRLSet, presumably because we weren't large enough. That is not a fix for anything.
