Would anyone be so kind to fill me in on how TB uses OneCRL, if at all? OneCRL being the revocation method of FF that allows high risk certs to be revoked without a browser update. Does TB disable it? Check it? (And if so, is it persisted to disk, which would leak approximate last runtime?)
I ask because a similar thing might be the way to go for proposal 273 and want to understand precedent/how this was considered in the past...
-tom