[cabfpub] Revocation Information

Tim Shirley TShirley at trustwave.com
Tue Sep 23 12:53:31 UTC 2014

To clarify on question #1: are you looking for a set of URLs that provide revocation information *only* for non-EE certificates?  Put another way, would a CRL not be useful to you if it contained revocation information for both EE and non-EE certificates in the same file?

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Tuesday, September 23, 2014 6:35 AM
Subject: [cabfpub] Revocation Information

Hi everyone,

At the face-to-face in Beijing, we talked out our new plan for revocation, and specifically OneCRL, our plan to aggregate revocation information for all non-leaf certificates (and perhaps some others) into a single source which Firefox would then download regularly, probably daily.

I had three questions for the CAs in the group, although there was not time to have a long discussion about them then, so I am presenting them here.

They are:

1) If we asked you to provide a set of URLs which together provided revocation information for all the non-EE certificates in hierarchies which chained up to a root we trust, could you do that?

2) Would all those URLs be URLs to CRLs? (I.e., to reverse the question, are there any intermediate certs for which you only provide revocation info via OCSP?)

3) Would you need some of that set of URLs to be secret (i.e. revealed to Mozilla, but you would prefer Mozilla not to reveal them to others)? If so, why?

I expect the answers from all CAs to be Yes, Yes and No, so if your answer as a CA would be something else, please speak up :-)

We would want to build a system to make it easy for CAs to provide this information on an ongoing basis, but the discussion of how we do that is out of scope for the moment.
