Re: Third party use of OneCRL

2018-01-17 Thread umesh31--- via dev-security-policy
Hey JC, We have a very similar need and would like to use the OneCRL. We will have ~3000 clients pulling the OneCRL once per day. Hopefully, it is acceptable. -Umesh

Re: Third party use of OneCRL

2017-12-14 Thread J.C. Jones via dev-security-policy
Niklas, That's fine. Thanks for the heads up. Note that the format has a possibility of changing some in 2018, but only in the way of adding fields, not changing existing data. Cheers, J.C. Crypto Engineering On Thu, Dec 14, 2017 at 9:03 AM, niklas.bachmaier--- via dev-security-policy

Re: Third party use of OneCRL

2017-11-08 Thread Niklas Bachmaier via dev-security-policy
Hi Gerv, thanks a lot! Currently we don't know yet if the download would be centralized or per host as we are just figuring out the concept. I totally see that large numbers of requests would be something we need to talk about with you first. Have a nice day Niklas 2017-11-08 9:13 GMT+01:00

Re: Third party use of OneCRL

2017-11-08 Thread Gervase Markham via dev-security-policy
On 07/11/17 14:08, niklas.bachma...@googlemail.com wrote:
> I'm working for a big managed security provider. We would like to
> benefit from OneCRL as a means of improving our certificate
> revocation checking.

As in, you'd like to download one copy per day, or you'd like 100,000 clients to

Re: Third party use of OneCRL

2017-11-07 Thread Ryan Sleevi via dev-security-policy
Apologies, my understanding is that the XML is synced from the JSON, rather than the other way around.
See https://wiki.mozilla.org/Firefox/Kinto#Blocklists
That is, the canonical source is Kinto (JSON), that is then used to drive the generation of the blocklist.xml (so that released binaries

Re: Third party use of OneCRL

2017-11-07 Thread Niklas Bachmaier via dev-security-policy
Thanks a lot, Ryan! Your comment on the Firefox specific selection of revoked certificates contained in the list is definitely a point we'll have to consider. One more question: do I see it correctly that what is being called OneCRL is the "certItems" part of

Re: Third party use of OneCRL

2017-11-07 Thread Ryan Sleevi via dev-security-policy
Note that additions and removals made in OneCRL relate to the behaviour of mozilla::pkix and the trust lists expressed by the associated version of NSS shipping with the supported versions of Firefox. For example, this includes revocation of 'email only' CAs (that are not appropriately

Third party use of OneCRL

2017-11-07 Thread niklas.bachmaier--- via dev-security-policy
Hi all, I'm working for a big managed security provider. We would like to benefit from OneCRL as a means of improving our certificate revocation checking. I could download OneCRL at https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records. My