Kurt Roeckx <k...@roeckx.be> writes: >This is why browsers have something like OneCRL, so that they actually do >know about it and why Rob added that information to the bug tracker ( >https://bugzilla.mozilla.org/show_bug.cgi?id=906611#c2).
That still doesn't necessarily answer the question, Google have their CRLSets but they're more ineffective than effective in dealing with revocations (according to GRC, they're 98% ineffective, https://www.grc.com/revocation/crlsets.htm). Given how hard it is to determine whether cross-certifications exist (we really have no way of telling until a cross-certificate suddenly turns up somewhere), it'd be good to have some firm indication of whether a revocation will actually take effect or not. Certainly for CRLSets it seems it won't. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy