Now that several root programs require disclosure of CRLs in the CCADB, I've begun regularly crawling disclosed CRLs to look for problems.
The list of identified problems can be found here: https://sslmate.com/labs/crl_watch/ CRL Watch is currently tracking problems with 29 distinct issuers. The most common problem is CAs disclosing the wrong URL in the CCADB. Remember, the disclosed CRL should be for certificates issued by the CA, not the CRL that covers the CA certificate. CAs should examine https://sslmate.com/labs/crl_watch/ and address any problems. Regards, Andrew -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/20230220084828.a2f70e6fa617a4551451f6b5%40andrewayer.name.
