On 01/08/17 09:21, userwithuid wrote:
> In this context @Mozilla: Those additional distrust entries are
> coming from NSS, but they are all pre-OneCRL afaics. Is this
> coincidence (= there wasn't any "high-profile" enough distrust
> warranting nss addition) or has the certdata-based distrust been
> entirely obsoleted by OneCRL (= there will never be any new distrust
> entries in certdata)?

OneCRL does not obsolete certdata.txt-based distrust because not everyone checks OneCRL. While we can't add every cert in OneCRL to certdata.txt, we should add the big distrusts to it. Do you think there's anything missing?

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy