[15206] in cryptography@c2.net mail archive
Re: Verisign CRL single point of failure
daemon@ATHENA.MIT.EDU (Rich Salz)
Wed Mar 31 22:43:56 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 09 Jan 2004 14:06:38 -0500
From: Rich Salz <rsalz@datapower.com>
To: dave kleiman <davek@netmedic.net>
Cc: cryptography@metzdowd.com
In-Reply-To: <00d001c3d6e0$9a4000d0$7ad4a8c0@LONEWOLF>
dave kleiman wrote:
> Because the client has a Certificate Revocation Checking function turned on
> in a particular app (i.e. IE or NAV).
I don't think you understood my question. Why is crl.verisign.com
getting overloaded *now.* What does the expiration of one of their CA
certificates have to do with it? Once you see that a cert has expired,
there's no need whatsoever to go look at the CRL. The point of a CRL is
to revoke certificates prior to their expiration.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
