AFAIK, no browsers bother to consult CRLs unless the user spends a lot of time configuring a CRL for each embedded CA certificate that the browser ships with. Making the whole X.509 PKI fairly useless in practice.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds