Ticket #123 (reopened defect)
debathena-ssl-certificates should include a CRL
Reported by: | broder | Owned by: | |
---|---|---|---|
Priority: | low | Milestone: | The Distant Future |
Component: | -- | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description
From: Jeffrey I. Schiller <jis@MIT.EDU> To: Anders Kaseorg <andersk@MIT.EDU> Cc: scripts-moira@MIT.EDU Subject: Re: One of your Certificates is Compromised [help.mit.edu #629346] Date: Sun, 18 May 2008 17:15:39 -0400 Thanks. I didn't check to see if a new certificate had been issued. I have published a CRL at http://ca.mit.edu/mitca.crl (I believe it can be references via https as well, but it is a signed object so this isn't necessary). Of course if people don't import this CRL into their browser, it doesn't do much good (though once imported into Firefox, it will be automatically updated if the user sets it that way). -Jeff
Unfortunately, ca-certificates-java apparently throws "some absurd error" if you include a CRL in the pack of certificates, and it's not really clear if including a CRL via update-ca-certificates is even meaningful.
We should find out if it is meaningful, and if it is, file a bug about ca-certificates-java.
Change History
comment:2 Changed 15 years ago by broder
- Status changed from new to closed
- Resolution set to wontfix
Apparently mitcert-issued certs now include a CRL in them, which means that this will be a completely moot point in one year, if it's not already.
Note: See
TracTickets for help on using
tickets.