[19852] in bugtraq
Re: Verisign certificates problem
daemon@ATHENA.MIT.EDU (Ogle Ron (Rennes))
Mon Mar 26 14:46:21 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <05B4910E0216D411B14F00508B6A67A94BCF0F@RENEXCH5.rennes.thmulti.com>
Date: Mon, 26 Mar 2001 08:51:05 +0200
Reply-To: "Ogle Ron (Rennes)" <OgleR@THMULTI.COM>
From: "Ogle Ron (Rennes)" <OgleR@THMULTI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
I'd have to say though that the CDP field works rather well. I run a rather
large set of CAs. When we were just using the monolithic CRL, each client
takes a long time to do verification of certificates. When we switched to
the distribution point extension, verification checking time fell
considerably.
Ron Ogle
Thomson multimedia
Rennes, FR
-----Original Message-----
From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz]
Sent: Monday, March 26, 2001 8:20 AM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: Verisign certificates problem
Elias Levy <aleph1@SECURITYFOCUS.COM> writes:
>Actually checking most of the CA certificates shipped with IE less than
half
>have a CPD field. Of the big CA only Entrust seems to use the field.
That's not surprising, they invented and, I believe, patented the thing.
Peter.
