On 19/10/2018 10:42, Ben Laurie wrote:
> On Fri, 19 Oct 2018 at 10:38, Rob Stradling wrote:
<snip>
FWIW, we (Comodo CA) do maintain an archive of all the CRLs we've ever >>>> 
signed.>>>
Put it in Trillian? :-)

That had occurred to me.  ;-)

Would it be useful?

To be properly useful you would need to extend CRL protocols to include inclusion proofs, but its a step in the right direction. Is there a way to add ad-hoc stuff to CRLs?

Yes, CRLs have X.509v3 extensions, just like certificates do.

I suppose "CRL Transparency" would look much the same as CT, except that it would operate on X.509v3 CRL blobs instead of X.509v3 Certificate blobs.

--
Rob Stradling
Senior Research & Development Scientist
Email: r...@comodoca.com

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to