It would be very useful in the certificate manager to have a visual indication of which CA certificates we have a CRL for. They could be printed in a different color for example. There should also be an extra button to view the CRL for that CA. The current interface has the CRLs in a completely different place, and there isn't a way to match a CRL with the CA certificate. There should also be a similar indication and button when viewing the CA cert in the cert chain under "details" of a cert.

Some questions to understand how simple a UI could be: - will NSS always store at most one CRL for any given CA? or could there be more than one? - could you provide sample NSS code that can be used to obtain the CRL, given a CERTCertificate pointer? I think color is not the prefered way to show information in the UI, consider the color blind. We therefore need a distinct way to visualize that property anyway. And if we do, we don't need the color in addition.

Kai, There is a function called SEC_FindCrlByName which will return the CRL for an issuer. From a CERTCertificate, you need to call CERT_FindIssuerCert first. PKCS#11 modules may store more than one CRL for the CA. The function will only return the most recent one. This is OK for now as we only support full CRLs. In the future, when we support delta and other tpyes of CRLs, the CRL that NSS uses will be an aggregate of multiple CRLs, but there should still only be one aggregate returned per issuer.

Mass reassign ssaux bugs to nobody

Mass change "Future" target milestone to "--" on bugs that now are assigned to nobody. Those targets reflected the prioritization of past PSM management. Many of these should be marked invalid or wontfix, I think.

The CRL Manager / Revocation Lists feature was removed.