Closed Bug 371501 Opened 17 years ago Closed 11 years ago

Set an upper bound on CRL lifetime

Categories

(Core :: Security: PSM, enhancement)

Product:
Core
Component:
Security: PSM
Version:
1.8 Branch
Platform:
x86
All
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: nelson, Unassigned)

References

Details

Gervase has recently discovered that there are some CAs in mozilla's list 
that have CRL's with nextUpdate times that are 6 or 12 months after the 
thisUpdate time!  PSM dutifully waits until the nextUpdate time before 
fetching a new copy of the URL.  

I think PSM should have its own upper bound on the amount of time that 
it will continue to trust a CRL after it has been fetched, before it 
tries to fetch a new copy.  I suggest that that limit be no more than
a few days, maybe a week tops.
QA Contact: psm
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
The CRL Manager / Revocation Lists feature was removed.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.