On 12/10/18 13:53, Jakob Bohm via dev-security-policy wrote:
On 12/10/2018 14:33, Ben Laurie wrote:
<snip>
This is one of the reasons we also need revocation transparency.
Or just a crt.sh enhancement to remember the previously collected
revocations.
crt.sh already remembers previously collected CRL entries.
Examples:
1. https://crt.sh/?id=35391481 is a now-expired cert that crt.sh
observed as revoked-by-CRL whilst it was time-valid.
2. https://crt.sh/mozilla-disclosures#disclosedandunrevokedfromcrl shows
that https://crt.sh/?id=12724140 was revoked-by-CRL and then "unrevoked"
(see also https://bugzilla.mozilla.org/show_bug.cgi?id=1442091)
--
Rob Stradling
Senior Research & Development Scientist
Email: r...@comodoca.com
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
