95469 - PSM treats delta CRL as a full CRL in certificate validation

Status: VERIFIED DUPLICATE of bug 101038

(Core Graveyard :: Security: UI, defect, P2)

Description

[awnuk]

PSM treats delta CRL as a full CRL in certificate validation process,
which means that certificates listed on previously imported full CRL
are valid after importing new delta-CRL.

Comment 1

[Stephane Saux]

We don't support delta CRLs at the moment.
t->future
We need to do some specification work on what we want to do about them.

Comment 2

[Keyser Sose]

Marking nEW.

Comment 3

[John Unruh]

OS > all

Comment 4

[Hong Kwon]

marking nsenterprise-; will be reevaluated for nsenterprise in future release.

Comment 5

[Stephane Saux]

The roadmap for delta CRL is:
1) PSM will report an error when attempting to load delta crls (2.2, this bug)
2) When NSS has good support for delta crls we will restore the capability to
import them.

Comment 6

[awnuk]

and what is the schedule for (2)?

Comment 7

[Rangan Sen]

For 3.4, NSS will stop delta CRLs from being loaded[bug# 103946]. As for full
support of delta crls by NSS, to my knowledge, a timeline has not been defined 
yet.

Making this bug a dup of bug# 10138

*** This bug has been marked as a duplicate of 10138 ***

Comment 8

[Rangan Sen]

Sorry, that was a typo , that would be 101038 - not 10138 - reopening to mark
proper dup

Comment 9

[Rangan Sen]

*** This bug has been marked as a duplicate of 101038 ***

Comment 10

[John Unruh]

Verified dupe.