If you go back and check Bugzilla I think you'll find Mozilla is pretty open and documents all requests from the NSA.
CRLs are gone and not coming back and that is fine...except that OCSP, in practice, is not as dependable as we need it. Original Message From: John Nagle Sent: Thursday, April 10, 2014 3:50 PM > Message: 5 > Date: Thu, 10 Apr 2014 14:31:29 -0400 > From: Jon DeVree<[email protected]> > To:[email protected] > Subject: Re: Revocation Policy > > Given that Mozilla no longer checks CRLs anyway, the discussion in > general may be largely irrelevant: > https://bugzilla.mozilla.org/show_bug.cgi?id=867465#c12 Did anyone go back and check to see if the people responsible for removing that feature from Mozilla were induced to do so by the NSA? That feature was removed before the Snowden disclosures. It's time to look at this again. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
