1. Why isn't this utility mentioned in http://www.mozilla.org/projects/security/pki/nss/tools? 2. The utility has the "-u url" option when importing. What for? 3. When it imports a CRL, what exactly is the validation that is performed on the CRL, besides signature verification of the issuing CA? Shouldn't it also check the trust flags of the CA, and only import the CRL if the issuing CA is *trusted*?
-- POC
