Hi Corey,
From Apple’s perspective, the desire was first to have the field added to
CCADB. From here, we’re planning on sending out a CA Communication notifying
CAs that the field is available and requesting that CAs populate it. We are
considering a requirement that Full CRLs be made available
Wilson
Sent: Thursday, November 19, 2020 6:14 PM
To: Ryan Hurst ; Corey Bonnell
Cc: Mozilla
Subject: Re: CCADB Proposal: Add field called Full CRL Issued By This CA
FWIW - Here is a recent post on this issue from JC Jones -
https://github.com/mozilla/crlite/issues/43#issuecomment-726493990
On Thursday, November 19, 2020 at 3:13:58 PM UTC-8, Ben Wilson wrote:
> FWIW - Here is a recent post on this issue from JC Jones -
> https://github.com/mozilla/crlite/issues/43#issuecomment-726493990
> On Thu, Nov 19, 2020 at 4:00 PM Ryan Hurst via dev-security-policy <
> dev-secur...@lists.mozil
FWIW - Here is a recent post on this issue from JC Jones -
https://github.com/mozilla/crlite/issues/43#issuecomment-726493990
On Thu, Nov 19, 2020 at 4:00 PM Ryan Hurst via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Wednesday, November 18, 2020 at 8:26:50 PM UTC-8,
On Wednesday, November 18, 2020 at 8:26:50 PM UTC-8, Ryan Sleevi wrote:
> On Wed, Nov 18, 2020 at 7:57 PM Ryan Hurst via dev-security-policy <
> dev-secur...@lists.mozilla.org> wrote:
>
> > Kathleen,
> >
> > This introduces an interesting question, how might Mozilla want to see
> > partial CR
Hi Kathleen,
Thank you for posting the notification concerning the update to CCADB. I have a
follow-up question: in the discussion captured in
https://github.com/mozilla/pkipolicy/issues/218, it appears that there's a
desire for CAs to produce and publish complete CRLs for end-entity certificate
On Wed, Nov 18, 2020 at 7:57 PM Ryan Hurst via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Kathleen,
>
> This introduces an interesting question, how might Mozilla want to see
> partial CRLs be discoverable? Of course, they are pointed to by the
> associated CRLdp but is
On Wednesday, November 18, 2020 at 3:07:32 PM UTC-8, Kathleen Wilson wrote:
> All,
>
> The following changes have been made in the CCADB:
>
> On Intermediate Cert pages:
> - Renamed section heading ‘Revocation Information’ to ‘Revocation
> Information for this Certificate’
> - Added section
All,
The following changes have been made in the CCADB:
On Intermediate Cert pages:
- Renamed section heading ‘Revocation Information’ to ‘Revocation
Information for this Certificate’
- Added section called ‘Pertaining to Certificates Issued by this CA’
- Added 'Full CRL Issued By This CA' fie
All,
Root store operators would like to easily find and use the URLs to the
Full CRLs for things like Mozilla’s CRLite. The BRs do not require CRL
URLs in end-entity certificates, and many CAs use partitioned CRLs for
end-entity certificates.
Proposal: Add field called 'Full CRL Issued By Th
10 matches
Mail list logo