All,
As previously discussed, there is a section on root and intermediate
certificate pages in the CCADB called ‘Pertaining to Certificates Issued
by this CA’, and it currently has one field called 'Full CRL Issued By
This CA'.
Proposal: Add field called 'JSON Array of Partitioned CRLs Issued By
This CA'
Description of this proposed field:
When there is no full CRL for certificates issued by this CA, provide a
JSON array whose elements are URLs of partitioned, DER-encoded CRLs that
when combined are the equivalent of a full CRL. The JSON array may omit
obsolete partitioned CRLs whose scopes only include expired certificates.
Example:
[
"http://cdn.example/crl-1.crl",
"http://cdn.example/crl-2.crl"
]
Additionally, I propose adding a new section to
https://www.ccadb.org/cas/fields called “Revocation Information”.
The proposed draft for this new section is here:
https://docs.google.com/document/d/1uVK0h4q5BSrFv6e86f2SwR5m2o9Kl1km74vG4HnkABw/edit?usp=sharing
I will appreciate your input on this proposal.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
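
Added example (not part of the original message and not CCADB code): one way a CA or a CRL consumer could sanity-check a value for the proposed field before use. The function name, the http(s)-only rule, the empty-array rule and the duplicate check are assumptions; the proposal only states that the value is a JSON array of URLs.

```python
import json
from urllib.parse import urlsplit

# Assumption: only HTTP(S) URLs are acceptable; the proposal names no scheme rule.
ALLOWED_SCHEMES = {"http", "https"}


def check_partitioned_crl_field(raw):
    """Return (urls, problems) for a candidate field value supplied as text."""
    try:
        value = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [], [f"not valid JSON: {exc.msg} (position {exc.pos})"]
    if not isinstance(value, list):
        return [], ["top-level value must be a JSON array"]
    if not value:
        # Assumption: an empty array is treated as an error because it lists no CRL.
        return [], ["array is empty"]

    urls, problems, seen = [], [], set()
    for i, item in enumerate(value):
        if not isinstance(item, str):
            problems.append(f"element {i}: expected a string, got {type(item).__name__}")
            continue
        if any(ch.isspace() for ch in item):
            problems.append(f"element {i}: URL contains whitespace")
            continue
        try:
            parts = urlsplit(item)
        except ValueError as exc:
            problems.append(f"element {i}: unparsable URL ({exc})")
            continue
        if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
            problems.append(f"element {i}: not an absolute http(s) URL: {item!r}")
            continue
        # Scheme and host are case-insensitive; path and query are not.
        key = (parts.scheme, parts.netloc.lower(), parts.path, parts.query)
        if key in seen:
            problems.append(f"element {i}: duplicate of an earlier URL: {item!r}")
            continue
        seen.add(key)
        urls.append(item)
    return urls, problems


if __name__ == "__main__":
    # The example value from the proposal above.
    sample = '["http://cdn.example/crl-1.crl", "http://cdn.example/crl-2.crl"]'
    print(check_partitioned_crl_field(sample))
```

This checks only the shape of the field value; whether the listed partitions together cover every unexpired certificate cannot be determined from the URLs alone.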