OneCRL is Mozilla's push-based revocation system. Up to now, it's been a little bit opaque. Thanks to the ever-excellent Rob Stradling, we now have a web page showing all the certs in OneCRL: https://crt.sh/mozilla-onecrl This shows what's on it, and information about why by linking to the relevant bugs.
If you want to download OneCRL yourself, the URL is: https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records It's JSON. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy