[16] [DFN[CRLSet]] は、 [[Chrome]] が[[証明書の失効]]の確認のために使っている失効情報ファイルです。 * 関連 [17] [[Firefox]] は [[OneCRL]] という同様の情報ファイルを使っています。 * 歴史 [1] [CITE@en[ImperialViolet - Revocation checking and Chrome's CRL]] ([[Adam Langley]] 著, [TIME[2015-03-21 15:52:05 +09:00]] 版) [2] [CITE@en[agl/crlset-tools]] ([TIME[2015-03-21 15:52:45 +09:00]] 版) [3] [CITE[CRLSets - The Chromium Projects]] ([TIME[2015-03-21 10:14:33 +09:00]] 版) [4] [CITE@en-US[CA Security Council | CASC Heartbleed Response]] ([TIME[2015-03-21 16:01:53 +09:00]] 版) [5] [CITE@en[GRC's | Chrome's CRLSet Effectiveness Evaluation  ]] ([TIME[2015-03-21 16:03:28 +09:00]] 版) [7] [CITE@en[886471 – Add Preloaded CRLSet mechanism]] ([TIME[2015-03-21 16:07:16 +09:00]] 版) [33] [CITE[Security FAQ - The Chromium Projects]] ([TIME[2015-06-06 06:30:25 +09:00]] 版) [6] [CITE@en[draft-hallambaker-compressedcrlset-00 - Compressed CRL Sets]] ( ([TIME[2016-04-06 22:52:51 +09:00]])) [8] [CITE@en[net/cert/crl_set_storage.cc - chromium/src - Git at Google]] ( ([TIME[2016-05-09 22:57:35 +09:00]])) [9] [CITE[#745646 - chromium: CRLSet (for certificate revocation checking) silently remains outdated - Debian Bug report logs]] ( ([TIME[2014-06-02 16:28:38 +09:00]])) [FIG(quote)[ [FIGCAPTION[ [10] [CITE['''['''cabfpub''']''' Request for details on CRL Sets]] ( ([TIME[2013-08-28 03:57:30 +09:00]])) ]FIGCAPTION] > Originally the hope was to > include all EV CRLs in the CRLSet since the set of EV CAs is much > smaller. However, that hasn't worked out for size reasons and so we > have the online fallback for EV certs. Whether the online checks are > worthwhile for EV certs isn't terribly clear, but it's what we're > doing for now. ]FIG] [11] [CITE['''['''cabfpub''']''' Request for details on CRL Sets]] ( ([TIME[2013-08-27 07:49:20 +09:00]])) [12] [CITE@en[ImperialViolet - Revocation checking and Chrome's CRL]] ( ([[Adam Langley]]著, [TIME[2016-05-09 23:21:03 +09:00]])) [13] [CITE@en[Issue 589336 - chromium - Integrate CRLSets into the NSS certificate path building logic - Monorail]] ( ([TIME[2016-05-09 23:23:31 +09:00]])) [14] [CITE@en[Issue 305443 - chromium - Chrome for Android doesn't seem to respect CRL - Monorail]] ( ([TIME[2016-05-09 23:24:43 +09:00]])) [15] [CITE@en[ImperialViolet - Revocation still doesn't work]] ( ([[Adam Langley]]著, [TIME[2016-05-09 23:37:08 +09:00]])) [18] 現在のファイルは137KBあります。 [TIME[2016-05-31T03:19:20.800Z]] [FIG(quote)[ [FIGCAPTION[ [19] [CITE@en[Check Chrome components - Chrome Help]] ( ([TIME[2016-05-31 12:24:13 +09:00]])) ]FIGCAPTION] > You may notice the file name “Certificate Revocation Lists.” > What it is: CRLSets help block website certificates that are potentially unsafe. > How it's used by Chrome: Chrome can sense when there’s something wrong with a website’s security certificate. When a site is suspected to be unsafe (for example, one that pretends to be a trusted website and tricks you into sharing sensitive information), Chrome uses CRLSets to react quickly. ]FIG] [22] [CITE@ja[自堕落な技術者の日記 : 将来Google ChromeがSSL証明書のオンライン失効検証をやめて独自の失効情報プッシュを行うという困った話 - livedoor Blog(ブログ)]], [TIME[2021-03-16T09:16:17.000Z]] [20] [CITE@en[data/ssl/scripts/crlsetutil.py - chromium/src/net - Git at Google]] ( ([TIME[2016-05-31 12:25:34 +09:00]])) [21] [CITE[Issue 418173004: Enable and fix CRLSet and remoting tests on non-Android OpenSSL. - Code Review]] ( ([TIME[2016-05-31 12:27:03 +09:00]]))