stefan.claes...@gmail.com wrote:
Is CIDP required to use in a crl?
No. In fact, the issue with Hongkong Post was that its CDP CRL had the CIDP extension marked as critical, and that was why Firefox had an error when loading it.
The NSS cryptographic library used by Firefox, Thunderbird, and other Mozilla-based products does not recognize the CIDP extension in CRLs and does not support the use of partitioned CRLs. Also, NSS does not currently supporting automatic retrieval of CRLs using the CRLDP extension. NSS will support CRLDP at some time at the future, but there is no commitment yet to support CIDP. So it is best for CAs if their CRLDP extension references a URI for a full CRL, not a partitioned CRL.
Frank -- Frank Hecker hec...@mozillafoundation.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
