Thanks a lot, Ryan! Your comment on the Firefox-specific selection of
revoked certificates contained in the list is definitely a point we'll have
to consider.
One more question: do I see it correctly that what is being called OneCRL
is the "certItems" part of
https://hg.mozilla.org/mozilla-central/file/tip/browser/app/blocklist.xml?
And the link which provides the JSON file (which I included in my message
before) is derived from the blocklist XML?

2017-11-07 14:47 GMT+01:00 Ryan Sleevi <r...@sleevi.com>:

> Note that additions and removals made in OneCRL relate to the
> behaviour of mozilla::pkix and the trust lists expressed by the associated
> version of NSS shipping with the supported versions of Firefox.
>
> For example, this includes revocation of 'email only' CAs (that are not
> appropriately constrained), which of course would not be appropriate for an
> e-mail consuming application, or the revocation of particular
> cross-certificates tied to the status of trust of particular roots.
>
> As for the blocklist update, it's maintained in
> https://hg.mozilla.org/mozilla-central/filelog/tip/browser/app/blocklist.xml
>
> On Tue, Nov 7, 2017 at 8:08 AM, niklas.bachmaier--- via
> dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
>
>> Hi all
>>
>> I'm working for a big managed security provider. We would like to benefit
>> from OneCRL as a means of improving our certificate revocation checking.
>>
>> I could download OneCRL at
>> https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records.
>> My question is if there is a license on OneCRL or if we are free to use it?
>> Further I'm wondering if Mozilla has already thought about third party
>> users and provides another way of getting the most recent version of OneCRL
>> than getting the above mentioned website and comparing if the content has
>> changed?
>>
>> Thanks a lot already for any feedback on this!
>>
>> Niklas
>> _______________________________________________
>> dev-security-policy mailing list
>> dev-security-policy@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-security-policy
>>
>
>