Frank Hecker wrote, On 2009-02-23 11:30: > I have no problem with NSS ignoring CRLs with CIDP extensions in the > context of CRLDP support; however I think that (e.g.) Firefox should not > treat this as an error but should proceed as if no CRL were ever seen. > (I think it's OK to show an error message when the user manually loads a > CRL into Firefox, but I question whether it is useful and right to do so > when the error is a side-effect of auto-fetching a CRL from a CRL > distribution point.)
Displaying of such UI (or not) is a PSM issue, of course. > I can't speak for the NSS developers, however speaking personally I see > no reason to drop support for manual import of CRLs. The functions in NSS by which CRLs are imported from application memory into NSS will certainly not go away. Whether Firefox will continue to support manual import is a PSM question, not NSS. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
