[Dshield] NAV problems question

David Vincent david.vincent at mightyoaks.com
Thu Jan 8 22:50:05 GMT 2004


If the network is simply unplugged, then it never even gets to the
certificate to examine it, and therefore never has to check the CRL.  NAV is
smart enough to know when your network is not connected.  :)

-d

> -----Original Message-----
> From: Paul Marsh [mailto:pmarsh at nmefdn.org]
> Sent: Thursday January 8, 2004 2:39 PM
> To: General DShield Discussion List
> Subject: RE: [Dshield] NAV problems question
> 
> 
> Still doesn't make much sense to me.  If that's the case then 
> unplugging
> the network connection of a workstation should get the same results
> right?
> 
> Thanx, Paul
> 
> -----Original Message-----
> From: John Hardin [mailto:johnh at aproposretail.com] 
> Sent: Thursday, January 08, 2004 05:28 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] NAV problems question
> 
> 
> On Thu, 2004-01-08 at 13:52, Paul Marsh wrote:
> > Below is an explanation as to why NAV was/is having issues 
> today.  Can
> 
> > some one please enlighten me as to why NAV would be having 
> a problem 
> > because of Verisign Cert.
> 
> Probably because NAV uses an SSL connection back to Symantec to check
> something-or-other, and Symantec hasn't updated the cert on 
> their server
> to one that isn't expired (or, rather, one that is signed by 
> a cert that
> isn't expired). NAV sees the expired cert in the authentication chain
> and tries to contact the CRL server (along with everyone else in the
> world), thus the l-o-n-g d-e-l-a-y-s trying to start NAV.
> 
> Symantec can fix it by updating the cert on whatever server of theirs
> that NAV is trying to contact.
> 
> --
> John Hardin  KA7OHZ                           
> Internal Systems Administrator                    voice: 
> (425) 672-1304
> Apropos Retail Management Systems, Inc.             fax: 
> (425) 672-0192
> --------------------------------------------------------------
> ---------
>  If you smash a computer to bits with a mallet, that appears to count
> as encryption in the state of Nevada.
>                                                - CRYPTO-GRAM 12/2001
> --------------------------------------------------------------
> ---------
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 




More information about the list mailing list