Robert Relyea wrote: > Brian, I was under the impression you wanted to remove the CRL > autofetching feature (where you enter a URL and a fetching time and > the CRL will automatically be fetched). When I looked at the UI, it > looked like it had both the URL fetching feature as well as the > ability to manage downloaded CRLs. I think you need to be careful > about removing the management ability with CRLs. The most important > part of the UI is the ability to delete CRLs which may have gotten > into the database.
My intent is to remove/disable all aspects of this feature: the UI *and* the processing of CRLs stored in the database. > Any the processing of already loaded CRLs is part of NSS proper. You > can load them and delete them by hand with crlutil. What you can't do > is have them automatically refreshed. > > Sean, is it the ability to load offline CRLs or the automatically > fetch/refresh them that you object to. I already know that processing > offline, already loaded CRLs are a requirement, so it's not going > away from NSS anytime soon. To be clear, I don't know of any reason to consider the processing of already-loaded CRLs as a requirement for Firefox. Anyway, I wouldn't get to hung up about what NSS currently does. We can always change Firefox and/or NSS to get the behavior we need. Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
