Open Bug 489347 Opened 16 years ago Updated 2 years ago

CRLs fetched via CRL DP extension should be stored in cert DB, with the URL

Categories

(NSS :: Libraries, enhancement)

Tracking

(Not tracked)

People

(Reporter: nelson, Unassigned)

References

(Blocks 1 open bug)

Details

When a full CRL is fetched by libPKIX using a CRL DP extension URL,
it should be stored, together with its CRL, in cert DB.  Perhaps this
should be optional, but since this CRL fetching is new behavior in this
release, IMO, storing in cert should be the default behavior.

This should be treated as a high priority enhancement request.

Assignee: julien.pierre.boogz → alexei.volkov.bugs
Target Milestone: 3.12.4 → ---
Blocks: 645502

Firefox cannot store the CRL in private browsing mode. And, it must be able to delete all CRLs stored within a certain time frame (e.g. the last few hours) to support "Clear Recent History." Further, Firefox Mobile must somehow manage the caching of CRLs carefully along with the caching of HTTP responses (and intermediate certificates), as we are apparently extremely constrained for disk space on Android. Also, IIRC, writes to the database result in multiple fsyncs which are a potential (and unnecessary) performance problem. For all these reasons, it might be better to have CRL storage managed by the application instead.
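
A sketch of the application-managed CRL storage the comment above argues for, added here as an illustration and not code from NSS or Firefox. The `CrlCache` class, its method names, the in-memory dict standing in for on-disk storage and the `crl.example` URLs used to exercise it are all assumptions.

```python
import time
from collections import OrderedDict

class CrlCache:
    """Application-managed CRL cache keyed by CRL DP URL (hypothetical design)."""
    def __init__(self, max_bytes, clock=time.time):
        self.max_bytes = max_bytes        # disk budget for constrained devices
        self.clock = clock
        self.persistent = OrderedDict()   # url -> (fetched_at, der); stands in for disk
        self.private = {}                 # url -> der; memory only
        self.dirty = False                # changes awaiting one batched write

    def store(self, url, der, private_mode=False):
        if len(der) > self.max_bytes:
            return False                  # larger than the whole budget: do not cache
        if private_mode:
            self.private[url] = der       # never reaches persistent storage
            return True
        self.persistent.pop(url, None)    # a newer CRL replaces the old one for this URL
        self.persistent[url] = (self.clock(), der)
        while sum(len(d) for _, d in self.persistent.values()) > self.max_bytes:
            self.persistent.popitem(last=False)   # evict oldest fetch first
        self.dirty = True
        return True

    def lookup(self, url, private_mode=False):
        # Assumption: private sessions may read the persistent cache, never write it.
        if private_mode and url in self.private:
            return self.private[url]
        entry = self.persistent.get(url)
        return entry[1] if entry else None

    def clear_since(self, cutoff):
        """Drop CRLs fetched at or after cutoff, as "Clear Recent History" needs."""
        doomed = [u for u, (t, _) in self.persistent.items() if t >= cutoff]
        for u in doomed:
            del self.persistent[u]
        self.dirty = self.dirty or bool(doomed)
        return doomed

    def end_private_session(self):
        self.private.clear()

    def flush(self, write):
        """Hand all pending changes to `write` in one call, not one per CRL."""
        if not self.dirty:
            return False
        write(dict(self.persistent))
        self.dirty = False
        return True
```
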

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: alvolkov.bgs → nobody
Severity: normal → S3