I took a hack at the blog post. I kept your outline, but ended up
text-editing a bunch of it. I think it's pretty good now.
On Thu, Jul 31, 2014 at 10:07 PM, Richard Barnes
wrote:
> Hi all,
>
> We in the Mozilla PKI team have been discussing ways to improve revocation
>
Sorry, wrong thread. Expect to see a security blog post about revocation
soon, summarizing some recent work :)
On Sat, Nov 21, 2015 at 11:59 AM, Richard Barnes
wrote:
> I took a hack at the blog post. I kept your outline, but ended up
> text-editing a bunch of it. I
On 07/08/14 23:17, fhw...@gmail.com wrote:
Curious to know the process by which cert holders will get their
certs‎ added to these lists. How much of that flow and the necessary
security measures have been worked out?
Cert holders get their certs added to CRLs maintained by their CA. Cert
http://dev.chromium.org/Home/chromium-security/crlsets says:
The limit of the CRLSet size is 250KB
Have Mozilla decided what the maximum OneCRL size will be?
On 01/08/14 03:07, Richard Barnes wrote:
Hi all,
We in the Mozilla PKI team have been discussing ways to improve revocation checking in
On Aug 7, 2014, at 9:47 AM, Rob Stradling rob.stradl...@comodo.com wrote:
http://dev.chromium.org/Home/chromium-security/crlsets says:
The limit of the CRLSet size is 250KB
Have Mozilla decided what the maximum OneCRL size will be?
No, we haven't.
The need for a limit largely depends on
-cry...@lists.mozilla.org;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: New wiki page on certificate revocation plans
On Aug 7, 2014, at 9:47 AM, Rob Stradling rob.stradl...@comodo.com wrote:
http://dev.chromium.org/Home/chromium-security/crlsets says:
The limit of the CRLSet size
I am generally in favour of this plan - I think it's the right way to
go. I am not sure we will ever get to hard-fail for plain OCSP, but I am
very happy for that to be a data-driven decision somewhere down the line.
On 01/08/14 03:07, Richard Barnes wrote:
There's one major open issue
On Jul 31, 2014, at 11:23 PM, Jeremy Rowley jeremy.row...@digicert.com wrote:
This is great. Thanks Richard!
Thanks go to the whole team. This was very much a group effort.
For OneCRL and the EE certs, establishing parameters around when an EE is
eligible for inclusion would give
This is great. Thanks Richard!
For OneCRL and the EE certs, establishing parameters around when an EE is
eligible for inclusion would give guidance to CAs about when to report
revocations. Is the OneCRL intended for when the cert is compromised because
of a breach of the CA? Or can high
9 matches
Mail list logo