[16] CRLSet は、 Chrome が証明書の失効の確認のために使っている失効情報ファイルです。
[1] ImperialViolet - Revocation checking and Chrome's CRL (Adam Langley 著, 版) https://www.imperialviolet.org/2012/02/05/crlsets.html
[2] agl/crlset-tools ( 版) https://github.com/agl/crlset-tools
[3] CRLSets - The Chromium Projects ( 版) https://dev.chromium.org/Home/chromium-security/crlsets
[4] CA Security Council | CASC Heartbleed Response ( 版) https://casecurity.org/2014/05/08/casc-heartbleed-response/
[5] GRC's | Chrome's CRLSet Effectiveness Evaluation ( 版) https://www.grc.com/revocation/crlsets.htm
[7] 886471 – Add Preloaded CRLSet mechanism ( 版) https://bugzilla.mozilla.org/show_bug.cgi?id=886471
[33] Security FAQ - The Chromium Projects ( 版) http://www.chromium.org/Home/chromium-security/security-faq#TOC-What-s-the-story-with-certificate-revocation-
[6] draft-hallambaker-compressedcrlset-00 - Compressed CRL Sets ( ()) https://tools.ietf.org/html/draft-hallambaker-compressedcrlset-00
[8] net/cert/crl_set_storage.cc - chromium/src - Git at Google ( ()) https://chromium.googlesource.com/chromium/src/+/master/net/cert/crl_set_storage.cc
[9] #745646 - chromium: CRLSet (for certificate revocation checking) silently remains outdated - Debian Bug report logs ( ()) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745646
Originally the hope was to
include all EV CRLs in the CRLSet since the set of EV CAs is much
smaller. However, that hasn't worked out for size reasons and so we
have the online fallback for EV certs. Whether the online checks are
worthwhile for EV certs isn't terribly clear, but it's what we're
doing for now.
[11] [cabfpub] Request for details on CRL Sets ( ()) https://cabforum.org/pipermail/public/2013-August/002134.html
[12] ImperialViolet - Revocation checking and Chrome's CRL ( (Adam Langley著, )) https://www.imperialviolet.org/2012/02/05/crlsets.html
[13] Issue 589336 - chromium - Integrate CRLSets into the NSS certificate path building logic - Monorail ( ()) https://bugs.chromium.org/p/chromium/issues/detail?id=589336
[14] Issue 305443 - chromium - Chrome for Android doesn't seem to respect CRL - Monorail ( ()) https://bugs.chromium.org/p/chromium/issues/detail?id=305443
[15] ImperialViolet - Revocation still doesn't work ( (Adam Langley著, )) https://www.imperialviolet.org/2014/04/29/revocationagain.html
[18] 現在のファイルは137KBあります。
You may notice the file name “Certificate Revocation Lists.”
What it is: CRLSets help block website certificates that are potentially unsafe.
How it's used by Chrome: Chrome can sense when there’s something wrong with a website’s security certificate. When a site is suspected to be unsafe (for example, one that pretends to be a trusted website and tricks you into sharing sensitive information), Chrome uses CRLSets to react quickly.
[22] 自堕落な技術者の日記 : 将来Google ChromeがSSL証明書のオンライン失効検証をやめて独自の失効情報プッシュを行うという困った話 - livedoor Blog(ブログ), http://blog.livedoor.jp/k_urushima/archives/1656214.html
[20] data/ssl/scripts/crlsetutil.py - chromium/src/net - Git at Google ( ()) https://chromium.googlesource.com/chromium/src/net/+/refs/heads/master/data/ssl/scripts/crlsetutil.py
[21] Issue 418173004: Enable and fix CRLSet and remoting tests on non-Android OpenSSL. - Code Review ( ()) https://codereview.chromium.org/418173004