Closed
Bug 371501
Opened 17 years ago
Closed 11 years ago
Set an upper bound on CRL lifetime
Categories
(Core :: Security: PSM, enhancement)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: nelson, Unassigned)
References
Details
Gervase has recently discovered that there are some CAs in mozilla's list that have CRL's with nextUpdate times that are 6 or 12 months after the thisUpdate time! PSM dutifully waits until the nextUpdate time before fetching a new copy of the URL. I think PSM should have its own upper bound on the amount of time that it will continue to trust a CRL after it has been fetched, before it tries to fetch a new copy. I suggest that that limit be no more than a few days, maybe a week tops.
Updated•17 years ago
|
QA Contact: psm
Comment 2•11 years ago
|
||
The CRL Manager / Revocation Lists feature was removed.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•