J.C. Jones
J.C. Jones
The Chrome Root Program Policy v1.5 has limited roots in their program [to a maximum lifetime of 15 years from generation](https://www.chromium.org/Home/chromium-security/root-ca-policy/#root-ca-term-limit), which is the source these shorter validity periods.
I would recommend we split this ticket apart. Rate limit data is very well suited for key-value stores, which often have Redis-compatible command sets (we probably shouldn't use Redis itself...
I don't see any reason why the CRL aggregator couldn't download a list of additional CRLs, or even scrape some websites for lists of additional CRLs -- but I do...
Just further thoughts: Already all logs for CRLite are published, so CRL data is public. I wouldn't want to change that without cause, so I would argue that these CRLs...
Since lists are likely to be sharded, what CRLite would prefer is to be provided a CRL URL for an issuer from the CCADB which is either: 1) A monolithic...
In the case of CRLite, I can easily imagine setting a deadline on a per-issue basis that all revocation data needs to be acquired within X seconds of network activity...
The short answer is 'yes', though additional coordination on our side is still necessary. Work on improving the auditing of CRLs is ongoing, and then I'd at least feel more...
Hi, all - I'm one of the folks building U2F support natively into Firefox. It looks like it won't make it in for 57, I'm afraid, but we'll almost certainly...
@prefiks: How common are external facets, by the way? [Firefox Bug 1244959](https://bugzilla.mozilla.org/show_bug.cgi?id=1244959) is about adding support for them, but I don't know where they're used in the wild. Any pointers...
Indeed, @NodokaMurmevent: Experimental support landed in Firefox 57 ("Firefox Quantum"), where this extension (unfortunately) stops working. Tweet: https://twitter.com/jamespugjones/status/912314952232267777 There is [no external FacetID support in the experimental code in Firefox](https://twitter.com/jamespugjones/status/912315652072812544),...