[SSL Observatory] Adding CRLs to the Observatory?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Mar 20 00:43:50 PDT 2011
Jacob Appelbaum <jacob at appelbaum.net> writes:
>I think we shouldn't mark it as seen until we've seen it in the wild.
I was wondering more what the visibility criteria were... does dumping a CRL
in pastebin count? In other words, in order for a revocation to be effective,
the CRLs have to be used by RPs, and just because they're visible somewhere
(ftp://64.33.12.1/pub/ftp/misc/other/misc/etc/archive/misc/alt/other/177545.crl)
doesn't mean that they're having any useful effect. So I think you'd at least
need to distinguish betwen "usable" (present in a CRLDP) vs. "visible"
(present in pastebin) vs "invisible" (neither of the above).
Peter.
More information about the Observatory
mailing list