On 07/11/17 14:08, niklas.bachma...@googlemail.com wrote: > I'm working for a big managed security provider. We would like to > benefit from OneCRL as a means of improving our certificate > revocation checking.
As in, you'd like to download one copy per day, or you'd like 100,000 clients to download one copy per day? > I could download OneCRL at > https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/certificates/records. > My question is if there is a license on OneCRL or if we are free to > use it? We have not put an explicit license on the data but certainly, in keeping with Mozilla's principles of openness and sharing, it is available for all to use. However, that doesn't mean our IT team might not take action against clients making abusively large numbers of requests. So if your usage of the list might get noticed, it would be wise to talk to us first. > Further I'm wondering if Mozilla has already thought about > third party users and provides another way of getting the most recent > version of OneCRL than getting the above mentioned website and > comparing if the content has changed? What other method might you have in mind that would be better than a computer-readable highly-available web service? I suspect if you send it an If-Modified-Since or other similar headers you might also get a Not Modified response rather than another copy of the data. But look at the code for Kinto or ask the people who wrote it. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy