Set an upper bound on CRL lifetime

RESOLVED INCOMPLETE

Status

()

Core
Security: PSM
--
enhancement
RESOLVED INCOMPLETE
12 years ago
5 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Unassigned)

Tracking

1.8 Branch
x86
All
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Gervase has recently discovered that there are some CAs in mozilla's list 
that have CRL's with nextUpdate times that are 6 or 12 months after the 
thisUpdate time!  PSM dutifully waits until the nextUpdate time before 
fetching a new copy of the URL.  

I think PSM should have its own upper bound on the amount of time that 
it will continue to trust a CRL after it has been fetched, before it 
tries to fetch a new copy.  I suggest that that limit be no more than
a few days, maybe a week tops.
QA Contact: psm

Comment 1

6 years ago
reassign bug owner.
mass-update-kaie-20120918
Assignee: kaie → nobody
The CRL Manager / Revocation Lists feature was removed.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.