Agreed, but a periodic message that the system is constantly turning off
CRL checking because it keeps encountering an invalid CRL file would be a
good idea.

On Tue, 2 Nov 2021, Brian P Bockelman wrote:

>> However, we should also make sure that malicious injection of an empty/invalid CRL file does not completely eliminate CRL checking for all time
>
> This is a file periodically generated by XRootD in the admin directory. I figure if the attacker owns the admin directory, then it's already game over.
>
> It's also an aggregate of all CRLs available - if the attacker controls all your CRLs, then it's probably also game over.
>
> --
> You are receiving this because you commented.
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/pull/1547#issuecomment-957963525

