Re: crl.verisign.com is ok?

From: *Vanguard* (lh_vanguard_at_mailblocks.com)
Date: 07/16/04 

Date: Fri, 16 Jul 2004 02:07:20 -0500

"dontb" <dontb@yahoo.com>
wrote in news:pAGJc.3043$Zr.1746@okepread01:
> I get a IP transmission from my computer at start and occasionaly
> thereafter to crl.verisign.com.
>
> Is that OK. Is is for Window update or something?
>
> any thoughts?\
>
>
> crl.verisign.com is ok?

CRL = Certificate Revocation List

The simile that I've seen mention is:

- You present a check and ID to the sales clerk at the cash register to
buy something. You profess to be person X.
- The sales clerk calls the bank to get a refreshed list of known bad
checks (that they currently know about).
- They scan the list of bad check accounts to see if you are on the
list.
- If you are on the list, they refuse the sale (i.e., revocation).
- If you are not on the list, you are presumed to be the person
presenting the check.

If you get a digital signed or digtally encrypted e-mail using x.509
certificate, your e-mail client phones the CRL Authority (CA) listed in
the certificate to verify the identity of that certificate (actually it
just verifies whether the certificate is still good or not). Some
software is also digitally signed. Norton AntiVirus will periodically
require a check on its certificate (I'll get a prompt from the firewall
from NAV to connect to crl.verisign.com).

Which firewall are you using? Doesn't its prompt telling you about the
CRL connection doesn't also list the program that is requesting that
connection? Maybe its logs will expose the program trying to make the
connection. Perhaps it has an option to popup a window showing that an
unauthorized-as-yet program is trying to use an already authorized
program to make a connection (i.e., an option to show if a program is
calling another program to make the connection). Norton Internet
Security has that option. For example, I'll be in a help file and click
on a web link and NIS will tell me the help program is asking IE to make
a connection.

Relevant Pages

  • Re: Does L2TP actually WORK ? Drama on XP
    ... >Stop multiposting and find the correct newsgroup for VPN ... Into the DC and configured the automatic certificate ... >> WinXP box back to the isolated Internet hub connection. ... >> The L2TP connection attempt failed because security ...
    (microsoft.public.windowsxp.security_admin)
  • Re: L2TP Bug, win2003 and WinXP
    ... Into the DC and configured the automatic certificate ... > WinXP box back to the isolated Internet hub connection. ... (The specified domain either does not ... then I setup the L2TP connection as it says in the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Does L2TP actually WORK ? Drama on XP
    ... Stop multiposting and find the correct newsgroup for VPN related stuff. ... Into the DC and configured the automatic certificate ... > WinXP box back to the isolated Internet hub connection. ... (The specified domain either does not ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Problem with RWW, can list computers/servers, cannot get logge
    ... > other RWW functionality including admining the companyweb. ... > When I browse to that FQDN and the certificate is presented for approval, ... >>> to which the network in connected. ... >>> connection might not be enabled or the computer might be too bust to ...
    (microsoft.public.windows.server.sbs)
  • Re: L2TP/IPSec from XP client to Windows 2003 Server
    ... ie no valid cert found on client - contacted Microsoft ... Windows Server 2003 Certificate Authority running ... The next step is to install Certificate Services on the Windows Server ... From Networks Connections on the client, ...
    (microsoft.public.security)
Quantcast