Closed Bug 477243 Opened 17 years ago Closed 17 years ago

Collect the full set of URLs for all CRLs used by EV certs issued by SECOM Trust

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Platform:
x86
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: KaiE, Assigned: johnath)

References

(
URL
)

Details

No description provided.
Blocks: 477244
From communication with SECOM's Hisashi Kamo-san: -- SNIP -- In regards to full/ incremental CRL and your question that "Can you confirm that SECOM does not employ incremental CRLs for its EV certificates?", we provide answers as follows. No, we don't, but we believe that you have no problem, because we DO employ full CRL for EV certificates. Just as you know, our EV certificates have CRLDP looks like the following: [1]CRL Distribution Point Distribution Point Name: Full Name: URL=http://repo1.secomtrust.net/spcpp/pfw/pfwevca/fullcrl.crl [2]CRL Distribution Point Distribution Point Name: Full Name: Directory Address: CN=CRL1 CN=SECOM Passport for Web EV CA O="SECOM Trust Systems CO.,LTD." C=JP If you download data from the URL in the first CRLDP, you can say that this data is full CRL, since this CRL has no unrecognized critical extension, provided that you recognize all standard critical extensions. Once you have full CRL, you can just ignore other data, like second CRLDP. This is why we think you have no problem with it. I suppose that you did not have any problem on the data, which the URL points, because its size is fairly small (< 2KB). -- END SNIP -- I understand this to mean that SECOM uses a single, complete CRL for their EV certificates, stored at this URL: http://repo1.secomtrust.net/spcpp/pfw/pfwevca/fullcrl.crl
No longer blocks: 477244
URL: http://repo1.secomtrust.net/spcpp/pfw...
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
replacing mid-aired removal of dependent bug.
Blocks: 477244
Johnathan, could I ask you to confirm that this is no longer an issue?
(In reply to comment #3) > Johnathan, could I ask you to confirm that this is no longer an issue? Gen, I can't confirm that the problem is fixed until bug 477244 (and, really, bug 474606) is resolved. I do think that SECOM has done all they need to do for the moment in terms of answering our questions, and I very much appreciate that quick response (and have resolved this bug as a result). I'm sorry that I don't have a more concrete long term answer here, but we are continuing to try to reach a solution that makes everyone as happy as possible.
Johnathan-san, Could you please let us know your current status? When can we expect to be arranged for EV? Again, thank you for your consideration.
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.