S/MIME keys (was: What Are Some Good Projects For Novices?)

Steve Holden sholden at holdenweb.com
Mon Aug 27 17:05:31 CEST 2001

"Paul Rubin" <phr-n2001 at nightsong.com> wrote in message
news:7xzo8l7kco.fsf at ruckus.brouhaha.com...
> Michael Ströder <michael at stroeder.com> writes:
> > > The downside of CRL checking is it means every single one of your
> > > secure site visits gets reported to the CA.
> >
> > Nonsens. Learn that CRL means Certificate Revocation List before
> > spreading fud.
> Browser CRL checking (at least in MSIE 5.x) works by checking incoming
> certificates against a CRL at the CA, from what I understand.

That may well be the case, but to check the CRL a browser is under no
obligation to report the URL for which the check is being performed. So you
can't track people by access to the CRL like DoubleClick do with access to
ad graphics (and even that only works when the client sends the "Referer:"
HTTP header).

Which is what I suspect Micheal meant.



More information about the Python-list mailing list