[cryptography] Chrome to drop CRL checking

Taral taralx at gmail.com
Tue Feb 7 19:34:46 EST 2012


On Tue, Feb 7, 2012 at 7:25 AM, Alexandre Dulaunoy <a at foo.be> wrote:
> $ ./crlset dump crl-set | wc -l
> 1656
>
> Maybe they use a bloomfilter-like format or something like that. But
> it seems that their current bundle is
> not matching the numbers of the revoked certificate especially the
> ones with a reason.
>
> Information about the Google CRLSet format is welcome.

A glance at the code says the dump is of the form:

spki hash
  serial
  serial
  serial

And it looks like it's been updated:

% ./crlset dump crlset | grep '^ ' | wc -l
3809

-- 
Taral <taralx at gmail.com>
"Please let me know if there's any further trouble I can give you."
    -- Unknown



More information about the cryptography mailing list