Slashdot Mirror


SSL Cert Revocation Lists?

DA-MAN asks: "Browsers ship with a ton of different certificate authorities that provide 'trust' for secure sites that we visit. With all of these certificate authorities comes a certificate revocation list, which is to flag bad certs. Firefox, IE and Safari do not have an automated way to pull updated lists from all of the different certificate authorities, so one must download each CRL manually and import them into the browser. It occurred to me the other day that the only time I've ever seen this feature in use was when Microsoft inserted the CRL for a certificate that was mistakenly issued by Verisign with the 'Microsoft Corporation' name. All that said, I was just wondering if anyone cares about this? Do you actually import updated CRLs into your browser? Why can't the CRL be signed by the Cert Authority and automatically imported?" What other browsers support automatic CRL updates?
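On the question of a CA-signed, automatically imported CRL, here is an added example (not from the original post or from any browser's code). An X.509 CRL carries its issuer's signature, so an updater can accept a downloaded list only when that signature verifies under a CA it already trusts and the list is not past its nextUpdate. It uses the Go standard library; the CA, the serial 4242 and the function names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// testCAWithCRL builds a constructed self-signed CA and a CRL, signed by it, revoking one serial.
func testCAWithCRL(cn string, next time.Time, serial int64) (*x509.Certificate, []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, SubjectKeyId: []byte(cn), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	ca, _ := x509.ParseCertificate(der)
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: next.Add(-time.Hour), NextUpdate: next,
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(serial), RevocationTime: next.Add(-time.Hour)}}}
	crl, _ := x509.CreateRevocationList(rand.Reader, rl, ca, priv)
	return ca, crl
}

// importCRL accepts a downloaded CRL only if the trusted CA signed it and it is not stale.
func importCRL(der []byte, ca *x509.Certificate, now time.Time) (map[string]bool, error) {
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return nil, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return nil, fmt.Errorf("not signed by %q: %w", ca.Subject.CommonName, err)
	}
	if now.After(crl.NextUpdate) {
		return nil, fmt.Errorf("stale CRL: nextUpdate was %s", crl.NextUpdate)
	}
	revoked := map[string]bool{}
	for _, rc := range crl.RevokedCertificates {
		revoked[rc.SerialNumber.String()] = true
	}
	return revoked, nil
}

func main() {
	ca, crl := testCAWithCRL("Constructed Example CA", time.Now().Add(time.Hour), 4242)
	fmt.Println(importCRL(crl, ca, time.Now()))
}
```

The nextUpdate check matters as much as the signature: a validly signed but old CRL replayed by a network attacker would otherwise hide later revocations.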

2 of 59 comments

  1. This would be nice by gcnaddict · Score: 2, Insightful

    It would be great to see someone write a Firefox extension which merged the CRLs into Firefox, though I'm not sure how to pull that off in the first place :(

    Still, I'd love to see someone do it!

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
  2. Re:CRLs = blacklists by jaseuk · Score: 2, Insightful

    Precisely. All SSL is really good for on the general internet is to prevent casual sniffing. You can sign up for a cert these days for $25 with very little clearance. The trust element has completely gone, if it was ever there at all?