oss-sec mailing list archives
Re: Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday
From: "David W. Hodgins" <davidwhodgins () gmail com>
Date: Tue, 12 Mar 2024 09:57:07 -0400
On Tue, 12 Mar 2024 00:28:49 -0400, Demi Marie Obenour <demi () invisiblethingslab com> wrote: <snip>
macOS, iOS, Windows, and possibly Android have system certificate verifiers that can handle this easily. For desktop and server Linux, should a CRLite package be included in system package managers? Would it be feasible for WebPKI and {Open,Boring,Libre}SSL to handle CRLite, or does this mean that NSS should be used for certificate verification?
Isn't that the purpose of the crlutil command in the nss package? From "man 1 crlutil" ... DESCRIPTION The Certificate Revocation List (CRL) Management Tool, crlutil, is a command-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL. https://manpages.org/crlutil Regards, Dave Hodgins
Current thread:
- Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday Valtteri Vuorikoski (Mar 11)
- Re: Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday Demi Marie Obenour (Mar 12)
- Re: Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday David W. Hodgins (Mar 12)
- Re: Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday Valtteri Vuorikoski (Mar 12)
- Re: Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday Steffen Nurpmeso (Mar 12)
- Re: Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday Armin Kuster (Mar 12)
- Re: Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday Valtteri Vuorikoski (Mar 12)
- Re: Certificate policy: OCSP becomes optional and CRLs mandatory for public CAs on Friday Demi Marie Obenour (Mar 12)