> The CRL question is not about it being a requirement, but rather the fact > that it could / would lead to disparate treatment between CRL and OCSP for > the same certificate, which does not feel right.
The CRL would only grow if the (pre-cert || cert) needed to be revoke for any reason. CRLs only contain a list of revoked (pre-cert || cert) and don’t attempt to address whether the (pre-cert || cert) has been issued. - Curt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy