CRLs Matter When Certs Matter


Jon Udell writes:

Mozilla does CRL right. Last night, as an experiment, I revoked one of my Thawte Freemail certificates. Today I sent myself a message signed with that now-bogus cert. Few people have ever used an S/MIME cert. Still fewer, I am sure, have explored how email software deals with a CRL (certificate revocation list). ... [Jon's Radio]

CRLs are something I didn't pay much attention to until we started using digital certificates for things that really mattered (like law enforcement).  This is interesting information and its not surprising, I guess that Mozilla does it right.