CCADB Proposal: Add field called JSON Array of Partitioned CRLs Issued By This CA

Kathleen Wilson via dev-security-policy Wed, 24 Feb 2021 12:36:13 -0800

All,

As previously discussed, there is a section on root and intermediatecertificate pages in the CCADB called ‘Pertaining to Certificates Issuedby this CA’, and it currently has one field called 'Full CRL Issued ByThis CA'.

Proposal: Add field called 'JSON Array of Partitioned CRLs Issued ByThis CA'


Description of this proposed field:

When there is no full CRL for certificates issued by this CA, provide aJSON array whose elements are URLs of partitioned, DER-encoded CRLs thatwhen combined are the equivalent of a full CRL. The JSON array may omitobsolete partitioned CRLs whose scopes only include expired certificates.


Example:

[
  "http://cdn.example/crl-1.crl";,
  "http://cdn.example/crl-2.crl";
]

Additionally, I propose adding a new section tohttps://www.ccadb.org/cas/fields called “Revocation Information”.


The proposed draft for this new section is here:
https://docs.google.com/document/d/1uVK0h4q5BSrFv6e86f2SwR5m2o9Kl1km74vG4HnkABw/edit?usp=sharing


I will appreciate your input on this proposal.

Thanks,
Kathleen


_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

CCADB Proposal: Add field called JSON Array of Partitioned CRLs Issued By This CA

Reply via email to