This discussion thread is to address Issue #256 <https://github.com/mozilla/pkipolicy/issues/256> and the need to clarify that partitioned CRLs need to include a critical Issuing Distribution Point extension.
The language proposed for addition to Mozilla Root Store Policy section 4.1 <https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#41-additional-requirements> would read, "Each CRL referenced by the JSON Array of Partitioned CRLs MUST contain a critical Issuing Distribution Point extension. The Issuing Distribution Point extension MUST contain a distributionPoint containing a UniformResourceIdentifier whose value equals the URL of the CRL in the JSON Array of Partitioned CRL". Please provide any comments or suggestions. Thanks, Ben -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZ3nUbS9_hQUJ5rUzb%3DyPYkA-3ienthPwqMGdP8Fo-86g%40mail.gmail.com.
