Agreed, but a periodic message that the system is constantly turning off CRL checking because it keeps encountering an invalid CRL file would be a good idea. On Tue, 2 Nov 2021, Brian P Bockelman wrote: >> However, we should also make sure that malicious injection of an empty/invalid CRL file does not completely eliminate CRL checking for all time > > This is a file periodically generated by XRootD in the admin directory. I figure if the attacker owns the admin directory, then it's already game over. > > It's also an aggregate of all CRLs available - if the attacker controls all your CRLs, then it's probably also game over. > > -- > You are receiving this because you commented. > Reply to this email directly or view it on GitHub: > https://github.com/xrootd/xrootd/pull/1547#issuecomment-957963525 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/pull/1547#issuecomment-957968721 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1