Note that additions and removals are made in OneCRL relate to the behaviour of mozilla::pkix and the trust lists expressed by the associated version of NSS shipping with the supported versions of Firefox.
For example, this includes revocation of 'email only' CAs (that are not appropriately constrained), which of course would not be appropriate for an e-mail consuming application, or the revocation of particular cross-certificates tied to the status of trust of particular roots. As for the blocklist update, it's maintained in https://hg.mozilla.org/mozilla-central/filelog/tip/browser/app/blocklist.xml On Tue, Nov 7, 2017 at 8:08 AM, niklas.bachmaier--- via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Hi all > > I'm working for a big managed security provider. We would like to benefit > from OneCRL as a means of improving our certificate revocation checking. > > I could download OneCRL at https://firefox.settings. > services.mozilla.com/v1/buckets/blocklists/collections/certificates/ > records. My question is if there is a license on OneCRL or if we are free > to use it? Further I'm wondering if Mozilla has already thought about third > party users and provides another way of getting the most recent version of > OneCRL than getting the above mentioned website and comparing if the > content has changed? > > Thanks a lot already for any feedback on this! > > Niklas > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
