On Wednesday, November 18, 2020 at 3:07:32 PM UTC-8, Kathleen Wilson wrote: > All, > > The following changes have been made in the CCADB: > > On Intermediate Cert pages: > - Renamed section heading ‘Revocation Information’ to ‘Revocation > Information for this Certificate’ > - Added section called ‘Pertaining to Certificates Issued by this CA’ > - Added 'Full CRL Issued By This CA' field to this new section. > Note: CAs modify this field directly on intermediate cert pages. > > On Root Cert pages: > - Added section called ‘Pertaining to Certificates Issued by this CA’ > - Added 'Full CRL Issued By This CA' field to this new section. > Note: Only root store operators may directly update root cert pages, so > send email to your root store operator if you would like a URL added to > this new field for a root cert. > > > Coming soon: > Add 'Full CRL Issued By This CA' column to report: > http://ccadb-public.secure.force.com/ccadb/AllCertificateRecordsCSVFormat > > > Thanks, > Kathleen
Kathleen, This introduces an interesting question, how might Mozilla want to see partial CRLs be discoverable? Of course, they are pointed to by the associated CRLdp but is there a need for a manifest of these CRL shards that can be picked up by CCADB? Ryan _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy