With the Debian OpenSSL fallout and my distrust of CAs in general, this seems like a great time to stuff Firefox full of CRLs. I found this page -- http://www.geekwisdom.com/dyn/node/189 -- listing a few major CRL sources, but that seems like it leaves out a bucket of the CAs that Firefox comes equipped with by default. If anyone knows of a good place to go to get CRLs, or has URLs for a few more of the major or semi-major CAs, I'd be grateful. Considering how little-used or badly-configured OCSP commonly seems to be, I'm putting more stock in having CRLs installed in Firefox than I am setting security.OCSP.enabled to 1.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
