Nelson B Bolyard wrote:
> Presently, a user must initiate the first fetch of a CRL from the CA.

To clarify, AFAIK all that is required is for a user to click on a link to the CRL, *if* the CRL data is returned with a MIME type of "application/pkix-crl". Firefox then imports the CRL and prompts the user whether or not they want the CRL to be automatically updated.

If the CRL isn't returned with the proper MIME type then AFAIK the only way to import the CRL is through the Firefox preferences dialog: Advanced -> Security -> Revocation Lists -> Import -> (enter the URL of the CRL). (For importing a CRL from disk one could presumably enter a file: URL.)

I have lots of CRL links on my CA certificate page for anyone who wants to test CRL importation:

  http://www.hecker.org/mozilla/ca-certificate-list

> OCSP checking may be enabled or disabled by the user.

From the Firefox preferences: Advanced -> Security -> Verification

Frank

--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
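
For a CA operator who wants to check which import path a CRL link will take, the following is an added example (not part of the original message) that inspects a raw HTTP response for the "application/pkix-crl" condition described above. The function name, the sample responses and the DER check (RFC 2585 defines that type as a DER-encoded CRL) are assumptions of the example.

```python
from email.parser import BytesParser

PKIX_CRL = "application/pkix-crl"      # MIME type named in the post (RFC 2585)
PEM_MARK = b"-----BEGIN X509 CRL-----"

def classify_crl_response(raw: bytes) -> dict:
    """Check one raw HTTP response for a CRL URL against the post's condition."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    parts = status_line.split(None, 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    msg = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    # None if the header is absent; else lowercased with parameters stripped.
    ctype = msg.get_content_type() if msg["Content-Type"] else None
    if body.lstrip().startswith(PEM_MARK):
        encoding = "pem"
    elif body[:1] == b"\x30":          # DER SEQUENCE tag opens a CertificateList
        encoding = "der"
    else:
        encoding = "unknown"
    problems = []
    if status != 200:
        problems.append(f"HTTP status {status}")
    if ctype != PKIX_CRL:
        problems.append(f"Content-Type {ctype!r}: needs manual import by URL")
    elif encoding != "der":
        problems.append(f"{PKIX_CRL} body should be DER, looks {encoding}")
    return {"mime_ok": ctype == PKIX_CRL, "content_type": ctype,
            "encoding": encoding, "problems": problems}

# Constructed sample responses (stub bodies, not real CRLs).
DER_STUB = b"\x30\x82\x01\x00" + b"\x00" * 8
OK = b"HTTP/1.1 200 OK\r\n"
SAMPLES = {
    "good": OK + b"Content-Type: Application/PKIX-CRL\r\n\r\n" + DER_STUB,
    "octet": OK + b"Content-Type: application/octet-stream\r\n\r\n" + DER_STUB,
    "pem": OK + b"Content-Type: application/pkix-crl\r\n\r\n" + PEM_MARK + b"\n",
    "missing": OK + b"Content-Length: 12\r\n\r\n" + DER_STUB,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_crl_response(raw))
```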
