On Fri, Nov 1, 2013 at 4:00 PM, <[email protected]> wrote: > Seriously, though, anyone who has ever issued a CRL was basically wasting > valuable electrons on something that doesn't get used (by FF--don't know > about the others). > > Or to put it another way, everyone could stop issuing CRLs immediately and > have no appreciable impact on Internet security. I think that would > surprise many people. >
I agree with everything quoted above. Don't waste your time with CRLs if you care only about browsers. Work on deploying OCSP stapling if you think revocation checking is important. Cheers, Brian -- Mozilla Networking/Crypto/Security (Necko/NSS/PSM) _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
