Frank Hecker wrote:
[...] Am I right that someone
who wished to check revocation status on EE certs in Firefox could just
download the full CRL and use that? [...]
The right word is indeed *could*.
The address of that CRL *does not* appear inside the certificate, and
the adresse of the the CRl that does appear is not usable for Firefox.
It's a quite strong deterrent for the use of CRL for that CA with
Firefox, and I'd really prefer to see a statement from that CA that they
will change the profile of their cert to also include the full CRL as an
alternative, as soon as possible.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
