[...] A reasonable risk assessment would show that it is reasonable and prudent to use CRLs past the nextIssue date in cases where it is not possible to obtain a newer CRL. [...]
OK. I agree this is a reasonnable risk assessment.
I'm annoyed by the current behavior of NSS, because it is using the CRL past the nextIssue date in all cases, not only in cases where the specific cause of the outdated CRL is that it was not possible to get a newer one.
And the software using NSS does not have any easy way to implement what is needed to handle that.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
