Verisign incorrectly built the new certificate causing every SSL access on IE 5.x to request a new CRL (700k) on every single SSL access. This has been fixed, a new udated cert is available and the CRL storm is abating. See the versign site for more details on what they did to fix the problem, but nothing of course on what they did wrong.
Note that two separte certs expired at the same time so there were two competing DOS attacks simultaneously. hth ..tom > Can someone explain to me why the expiring of a certificate causes new > massive CRL queries? > /r$ > > -- > Rich Salz, Chief Security Architect > DataPower Technology http://www.datapower.com > XS40 XML Security Gateway http://www.datapower.com/products/xs40.html > XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]