On Mon, Feb 23, 2009 at 11:30 AM, Frank Hecker <hec...@mozillafoundation.org> wrote: > I can't speak for the NSS developers, however speaking personally I see no > reason to drop support for manual import of CRLs.
Does the CRL processing: 1) handle the notAfter date properly? 2) throw an error when the imported CRL is evaluated after the notAfter date? 3) allow for an attempt to fix the problem *in the interface* (as opposed to having to have the user know what's going on and thus how to resolve it)? I distrust manual import of CRLs because it's far, far too much like importing individual end-entity certificates, with much more wide-ranging consequences. -Kyle H -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
