On Tue, 6 Oct 2009, Stephen Burke wrote:
> Testbed Support for GridPP member institutes
>> [mailto:[log in to unmask]] On Behalf Of Henry Nebrensky said:
>> There are check-boxes (now ticked!) in the Security section of the
>> Advanced tab on Internet Options that say "check ... for revocation"
>> but I've not chased down where they get their lists from.
>
> Aha - I was foolishly looking in the certificate management section ...
> so we can maybe hope that it does something sensible! Anyway you'll
> still be better off than having the CA untrusted. And the answer to your
> original question about downloading the CRLs with the CAs is of course
> that it wouldn't be very useful because the CRLs have to be updated
> regularly to be useful.
Importing the CRLs into Firefox at least brings up a dialog box that
allows setup of automatic CRL downloads, but AFAICT the CRLs are only
available via the complex EUGridPMA map route.
Of course, if the URL to the CRL is a tag in the bag, then the list that
is missed can always be pulled down whenever needed anyway. I'd much
prefer to steer our users towards the TACAR page as I stand a chance of
writing meaningful instructions ("open this URL in a new window and press
the install buttons next to the following: ...") compared to the impromptu
geography quiz of the EUGridPMA map...
Thanks
Henry
--
Dr. Henry Nebrensky [log in to unmask]
http://people.brunel.ac.uk/~eesrjjn
"The opossum is a very sophisticated animal.
It doesn't even get up until 5 or 6 p.m."
|