Confirmed users, Administrators
5,526
edits
CA:ImprovingRevocation: Difference between revisions
Jump to navigation
Jump to search
→Change Name
| Line 109: | Line 109: | ||
* Process Change: To be determined, but may include changes to the Inclusion Process, and EV treatment (maybe EV treatment is only granted when the CA is providing this information?) | * Process Change: To be determined, but may include changes to the Inclusion Process, and EV treatment (maybe EV treatment is only granted when the CA is providing this information?) | ||
=== Preload Revocations of Certain End-Entity Certificates === | |||
Push revocation information of certain revoked end-entity certificates to clients. | |||
Implement a revocation list push mechanism in Firefox, which will push revocation lists of end-entity certificates to Firefox browsers on a regular basis, asynchronously and independently of any SSL site visit. This should only apply to certain revocation circumstances in order to keep the list small/manageable. | |||
* Discussion: ''Link to Discussion Thread'' | |||
* Code Change: ''Bugzilla Bug Number'' | |||
* Dependencies: | |||
** Will need to be very specific about the circumstances for which we want to include revocation information for end-entity certs. | |||
** Will require a notification mechanism for CAs to inform us of which end-entity certs to add to the revocation list. | |||
* Policy Change: Will need to discuss. | |||
** Look into using the notification policy expressed in NIST IR 7924, Section 5.7, minus the private key compromise case. | |||
* Process Change: To be determined. | |||
=== ''Change Name'' === | === ''Change Name'' === | ||