On Wednesday, November 18, 2020 at 3:07:32 PM UTC-8, Kathleen Wilson wrote:
> All, 
> 
> The following changes have been made in the CCADB: 
> 
> On Intermediate Cert pages: 
> - Renamed section heading ‘Revocation Information’ to ‘Revocation 
> Information for this Certificate’ 
> - Added section called ‘Pertaining to Certificates Issued by this CA’ 
> - Added 'Full CRL Issued By This CA' field to this new section. 
> Note: CAs modify this field directly on intermediate cert pages. 
> 
> On Root Cert pages: 
> - Added section called ‘Pertaining to Certificates Issued by this CA’ 
> - Added 'Full CRL Issued By This CA' field to this new section. 
> Note: Only root store operators may directly update root cert pages, so 
> send email to your root store operator if you would like a URL added to 
> this new field for a root cert. 
> 
> 
> Coming soon: 
> Add 'Full CRL Issued By This CA' column to report: 
> http://ccadb-public.secure.force.com/ccadb/AllCertificateRecordsCSVFormat 
> 
> 
> Thanks, 
> Kathleen


Kathleen,

This introduces an interesting question, how might Mozilla want to see partial 
CRLs be discoverable? Of course, they are pointed to by the associated CRLdp 
but is there a need for a manifest of these CRL shards that can be picked up by 
CCADB?

Ryan
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to