Re: [OT] Trojan/[spy/ad]ware and thawte.com

To: "Vincent Deffontaines" <vincent@gryzor.com>
Cc: debian-security@lists.debian.org
Subject: Re: [OT] Trojan/[spy/ad]ware and thawte.com
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 01 Jun 2004 20:26:38 +0200
Message-id: <[🔎] 87d64jkuch.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 47744.193.164.229.102.1086103253.squirrel@webmail.raceme.org> (Vincent Deffontaines's message of "Tue, 1 Jun 2004 17:20:53 +0200 (CEST)")
References: <[🔎] 47744.193.164.229.102.1086103253.squirrel@webmail.raceme.org>

* Vincent Deffontaines:

> 1) What are those .crl files used for?

These are Certificate Revocation Lists.  They are essential for the
operation of a PKI, especially a global one with lose registration
checks.

> Maybe they could be used to "corrupt" actual browser's certs?

There whole purpose is to destroy certificates so that further use is
impossible.  It's necessary when the CA discovers that it has wrongly
issued a certificate, or when the CA customer compromises its private
key.

If you want to block those CRL requests, please read the license that
governs the use of those certificates first.  In some cases, you MUST
fetch and process that CRL data.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: bigpond.com, di-ve.com, fuorissimo.com, hotmail.com,
jumpy.it, libero.it, netscape.net, postino.it, simplesnet.pt, spymac.com,
tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr, yahoo.com.

Reply to:

References:
- [OT] Trojan/[spy/ad]ware and thawte.com
  - From: "Vincent Deffontaines" <vincent@gryzor.com>

Prev by Date: [OT] Trojan/[spy/ad]ware and thawte.com
Next by Date: Re: users and security ibwebadmin
Previous by thread: [OT] Trojan/[spy/ad]ware and thawte.com
Next by thread: Re: users and security ibwebadmin
Index(es):
- Date
- Thread