Users of Firefox from Firefox 37 will be protected by a new feature called OneCRL. This is a new mechanism we have introduced to push lists of revoked intermediate certificates to the browser. Using OCSP for certificate revocation doesn’t serve users very well. For online revocation checks, either you have a system that fails open or you accept the performance penalty of checks that are more stric
![Revoking Intermediate Certificates: Introducing OneCRL | Mozilla Security Blog](https://cdn-ak-scissors.b.st-hatena.com/image/square/3edcf8fc3d8dccaaaf948b4d3355440f35b34b36/height=288;version=1;width=512/https%3A%2F%2Fblog.mozilla.org%2Fsecurity%2Fwp-content%2Fthemes%2FOneMozilla%2Fimg%2Fmozilla-wordmark.png)