Verisign CRL single point of failure
dave kleiman
davek at netmedic.net
Fri Jan 9 15:26:42 EST 2004
>>I don't think you understood my question. Why is crl.verisign.com
>>getting overloaded *now.* What does the expiration of one of their CA
>>certificates have to do with it? Once you see that a cert has expired,
>>there's no need whatsoever to go look at the CRL. The point of a CRL is
>>to revoke certificates prior to their expiration.
You are correct I did miss your point in haste.
I cannot answer that, but I can tell you that disabling the function or
uninstalling NAV that has CRL function, fixes the problem immediately.
And if you watch your firewall as the clients open a file that requests a
virus scan they all try to hit crl.verisign.com. This has been happening
since the 7th when that cert expired.
DK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list