On Thu, Apr 10, 2014 at 01:49:37PM -0700, John Nagle wrote: > >Message: 5 > >Date: Thu, 10 Apr 2014 14:31:29 -0400 > >From: Jon DeVree<[email protected]> > >To:[email protected] > >Subject: Re: Revocation Policy > > > >Given that Mozilla no longer checks CRLs anyway, the discussion in > >general may be largely irrelevant: > >https://bugzilla.mozilla.org/show_bug.cgi?id=867465#c12 > > Did anyone go back and check to see if the people responsible for > removing that feature from Mozilla were induced to do so by > the NSA? > > That feature was removed before the Snowden disclosures. > It's time to look at this again.
This change actually makes sense. As good as nobody was using CRLs as they were supposed to be used. It has been replaced by OCSP. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
