VeriSign dead cert causes net instability

[InfoSec News <isn () c4i org>]

http://www.theregister.co.uk/content/55/34801.html

By John Leyden
Posted: 09/01/2004 

The expiration of one of VeriSign's master digital certificates on 
Wednesday created confusion for Net users and glitches to the 
operation of some applications, notably Norton Anti-Virus (NAV). 

After the cert VeriSign used to sign other certs expired, the chain of 
trust was broken, leaving some aps unable to set up a secure 
connection. These apps then defaulted to trying to access Verisign's 
certificate revocation list server (crl.verisign.com) which, faced 
with a huge extra load, buckled under the pressure. 

Verisign has posted an advisory on the problem here, detailing server 
updates needed to resolve application instability. Essentially where 
there are problems traffic needs to be directed to a new Global Server 
Intermediate Root CA. 

Users of Java aps and older IE browsers were affected by the issue but 
(judging by our postbag) NAV users were worst affected. NAV Users saw 
their computers slow to a crawl and Microsoft office apps not starting 
properly because of the problem. 

Symantec has posted an explanatory note on the problem which echoes 
Verisign's advice.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.