Thanks; I had already posted this to dev.tech.crypto...
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
It is possible (but not supported) to use have FF download the CRLs specified
by the certificate.
There are (of course) many caveats:
1. This is enabled by changing several hidden prefs (which mean we might change
them at any time without notifying our users).
2. Downloading is not the same as re
On 4/11/2013 1:26 PM, Rick Andrews wrote:
Sid Stamm suggested dev.security...
-Original Message-
From: Ian Melven [mailto:imel...@mozilla.com]
you might also try asking this on mozilla.dev.tech.crypto :)
Sid was wrong :-) The guys who know the technical guts of our crypto
implementa
Sid Stamm suggested dev.security...
> -Original Message-
> From: Ian Melven [mailto:imel...@mozilla.com]
> Sent: Thursday, April 11, 2013 1:22 PM
> To: r andrews
> Cc: dev-security@lists.mozilla.org
> Subject: Re: Firefox behavior with CDPs and AIAs
>
>
> you might also try asking this o
you might also try asking this on mozilla.dev.tech.crypto :)
thanks,
ian
- Original Message -
From: "r andrews"
To: dev-security@lists.mozilla.org
Sent: Thursday, April 11, 2013 12:25:17 PM
Subject: Firefox behavior with CDPs and AIAs
I know that FF allows you to choose a CRL and it w
I know that FF allows you to choose a CRL and it will check status against that
CRL when it finds a cert issued by the CRL issuer. Does anyone know if FF uses
the CDP in the cert or the cert's issuer name as a key to find the CRL?
The reason I ask is in regards to partitioned CRLs, where a CA co
