On 05/01/2013 08:40 PM, Brian Smith wrote:
Robert Relyea wrote:
Brian, I was under the impression you wanted to remove the CRL
autofetching feature (where you enter a URL and a fetching time and
the CRL will automatically be fetched). When I looked at the UI, it
looked like it had both the URL fetching feature as well as the
ability to manage downloaded CRLs. I think you need to be careful
about removing the management ability with CRLs. The most important
part of the UI is the ability to delete CRLs which may have gotten
into the database.
My intent is to remove/disable all aspects of this feature: the UI *and* the
processing of CRLs stored in the database.
Oh, in that case I can say we have customers that definately need to use
CRLs that have been loaded and stored in the database.
Any the processing of already loaded CRLs is part of NSS proper. You
can load them and delete them by hand with crlutil. What you can't do
is have them automatically refreshed.
Sean, is it the ability to load offline CRLs or the automatically
fetch/refresh them that you object to. I already know that processing
offline, already loaded CRLs are a requirement, so it's not going
away from NSS anytime soon.
To be clear, I don't know of any reason to consider the processing of
already-loaded CRLs as a requirement for Firefox.
Oh, then I'd say we really can't remove it....
bob
Anyway, I wouldn't get to hung up about what NSS currently does. We can always
change Firefox and/or NSS to get the behavior we need.
Cheers,
Brian
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
