Hi,
We are running a CA that has thousands of revoked certificates which leads to CRLs of several MBytes. On the next nenewal of the CA, we are thinking of partitioning the CRLs at each X number of issued certificates. The issued certificates will have different CRL Distribution Points (CDP) according to the partitions they are assigned. For example, for X=100, from certificate 1 to certificate 100, the CDP would be http://myca.com/crl/myca-0001.crl, from certificate 101 to 200 the CDP would be http://myca.com/crl/myca-0002.crl, and so on. My question: Is Mozilla/NSS/PSM prepared to support partitioned CRLs like the way described? In particular, if CRLs are cached, they must be able to merge several different partitions according to the CDP to create a unified view over the revocation universe of a CA. Regards, Nuno Ponte _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto