As far as we know certificate revocation lists (CRLs) include public information so they do not have to be encrypted before distribution.
Is there a case that can require to encrypt it before distribution? A case in which eavesdroppers can capture some information from the CRL and use it to perform an attack?
No. A CRL is as public as the certificate it revokes; it has to be signed to guarantee authenticity, but not encrypted. There are no optional confidentiality requirements for CRL distribution in RFC 5280. It is not even common practice to use anything other than plain http for the CRL distribution points. The whole idea with CRLs is to get them out there to as many as possible, as fast as possible, with as little performance overhead as possible, without sacrificing authenticity.
That said, it might be worth pointing out that an attacker who has compromised the private key corresponding to a certificate, might have an interest in preventing clients to download any CRL revoking that certificate. One way to counter an attacker that both controls the network and has compromised the private key, is for the client to explicitly check the status of a specific server certificate, prior to connecting to the server. Combining CRL distribution with OCSP over https MAY be one way to prevent certain attacks.
