boulder icon indicating copy to clipboard operation
boulder copied to clipboard
verified publisher icon letsencrypt

CRL ceremony: take previous CRL as input

Open aarongable opened this issue 2 years ago • 0 comments

The CRL ceremony type should take a previously-published CRL as one of its inputs. It can then check:

  • that the configured CRL number is greater than the previous number
  • that the configured list of revoked certs isn't missing any that were present in the previous CRL, and that weren't already expired at the time of that previous CRL
  • that the Issuer and Issuing Distribution Point (if present) is/are identical

aarongable avatar Aug 30 '23 20:08 aarongable