
Re: amsl.com certificate?

2008-02-21 03:16:18
On 21 feb 2008, at 3:24, Geoff Huston wrote:

> The default setting in Firefox (and possibly safari) is to use OCSP for
> validation of certificates where OCSP is referenced. The *.ietf.org
> certificate has as part of the Authority Information Field the value;
> OCSP: URI: http://ocsp.starfieldtech.com
>
> This url is unreachable from many non-US sites, for reasons known only
> to Godaddy I presume.

Or Akamai. It turns out that I get different addresses for this FQDN  
depending whether I'm at home or at work, see traceroutes. (#include  
<stdanycastisevil.h>) At home, everything works in both Safari and  
Firefox on the Mac, at work it doesn't, even though I can open this  
URL. Also tried with the ancient Internet Explorer for Mac and with  
IE and Firefox on Windows XP, those don't seem to be bothered in the  
same way as Safari and Firefox under MacOS.

Currently, Safari tells me that certificate with SHA-1 fingerprint 9F  
B6 01 FE 68 40 BB F6 6F 55 06 28 7C 42 15 01 38 0A CA 66 is signed by  
an unknown authority. I can't copy/paste the details and they don't  
show any areas that seem problematic to my untrained eye.

$ traceroute ocsp.starfieldtech.com
traceroute: Warning: ocsp.starfieldtech.com has multiple addresses; using 68.178.232.168
traceroute to balance.godaddy.com.akadns.net (68.178.232.168), 64 hops max, 40 byte packets
 1  192.168.0.1 (192.168.0.1)  2.953 ms  1.308 ms  1.660 ms
 2  static-1-138-7-89.ipcom.comunitel.net (89.7.138.1)  7.799 ms  7.567 ms  10.979 ms
 3  10.4.0.169 (10.4.0.169)  9.968 ms  9.400 ms  8.730 ms
 4  212.145.3.222 (212.145.3.222)  9.527 ms  10.969 ms  8.733 ms
 5  MAD06RI01-Vlan2.ipcom.comunitel.net (212.145.4.76)  8.834 ms  9.536 ms  9.386 ms
 6  mad3-core-1.gigabiteth4-0-0s152.swip.net (130.244.218.125)  10.211 ms  9.008 ms  9.280 ms
 7  cbv-core-1.pos4-0-0.swip.net (130.244.207.149)  44.177 ms  44.711 ms  46.704 ms
 8  cbv1-core-1.gigabiteth1-0-0.swip.net (130.244.206.254)  35.776 ms  35.769 ms  35.839 ms
 9  cbv1-core-2.tengigabiteth2-1.swip.net (130.244.49.70)  35.823 ms  35.002 ms  35.085 ms
10  pnias1257-gi-1-8.mpr2.cdg2.fr.above.net (84.207.23.161)  47.905 ms  47.796 ms  51.746 ms
11  so-5-0-0.cr1.lhr3.uk.above.net (64.125.23.13)  57.632 ms  so-4-0-0.cr1.lhr3.uk.above.net (64.125.23.9)  48.694 ms  so-5-0-0.cr1.lhr3.uk.above.net (64.125.23.13)  48.102 ms
12  so-1-0-0.mpr1.lhr2.uk.above.net (64.125.28.38)  50.884 ms  53.369 ms  56.308 ms
13  so-0-1-0.mpr1.dca2.us.above.net (64.125.27.57)  125.341 ms  122.779 ms  126.148 ms
14  so-1-0-0.mpr3.iah1.us.above.net (64.125.29.37)  151.115 ms  150.661 ms  149.343 ms
15  so-1-2-0.mpr2.phx2.us.above.net (64.125.25.10)  173.681 ms  172.848 ms  174.637 ms
16  64.124.113.62.godaddy.com (64.124.113.62)  193.435 ms  196.808 ms  192.744 ms
17  ip-208-109-112-137.ip.secureserver.net (208.109.112.137)  191.233 ms  191.285 ms  191.658 ms
18  ip-208-109-112-161.ip.secureserver.net (208.109.112.161)  193.251 ms  193.847 ms  198.613 ms
19  ip-208-109-112-145.ip.secureserver.net (208.109.112.145)  191.353 ms  191.677 ms  191.336 ms
20  ip-208-109-112-181.ip.secureserver.net (208.109.112.181)  193.680 ms  193.357 ms  191.327 ms
21  *^C

$ traceroute ocsp.starfieldtech.com
traceroute: Warning: ocsp.starfieldtech.com has multiple addresses; using 66.29.45.240
traceroute to balance.godaddy.com.akadns.net (66.29.45.240), 64 hops max, 40 byte packets
 1  faro.it.uc3m.es (163.117.140.2)  1.643 ms  0.249 ms  0.251 ms
 2  rtr-dep-it.uc3m.es (163.117.31.2)  0.524 ms  0.952 ms  0.653 ms
 3  163.117.32.25 (163.117.32.25)  0.801 ms  0.765 ms  0.693 ms
 4  rtcm-cr1-uc3m.redimadrid.madrimasd.org (193.145.14.22)  1.244 ms  1.182 ms  1.114 ms
 5  * XE1-0-0-101.Madrid0.red.rediris.es (130.206.215.65)  1.949 ms  1.550 ms
 6  MAD.XE7-0-0.EB-IRIS4.red.rediris.es (130.206.250.21)  1.759 ms  1.658 ms  1.767 ms
 7  mad-b1-link.telia.net (213.248.70.249)  1.779 ms  1.951 ms  1.830 ms
 8  prs-bb1-link.telia.net (80.91.248.128)  17.996 ms  18.028 ms  18.564 ms
 9  nyk-bb1-link.telia.net (80.91.251.96)  92.529 ms  92.341 ms  92.403 ms
10  nyk-b3-link.telia.net (80.91.250.9)  95.496 ms  95.396 ms  95.565 ms
11  netaccess-114875-nyk-b3.c.telia.net (213.248.83.186)  99.456 ms  99.567 ms  99.484 ms
12  0.e1-3.tbr2.tl9.nac.net (209.123.10.74)  99.636 ms  99.424 ms  99.405 ms
13  0.e1-4.tbr2.mmu.nac.net (209.123.10.77)  101.567 ms  101.363 ms  101.724 ms
14  vlan804.esd2.mmu.nac.net (209.123.10.14)  102.063 ms  101.751 ms  107.595 ms
15  0.ge-0-1-0.dar1.mmu.nac.net (209.123.11.110)  101.843 ms  101.508 ms  101.354 ms
16  mail.thecountryclubrich.com (66.29.45.240)  100.244 ms  100.416 ms  100.928 ms


_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf
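
Added example, not part of the original message or of any project it mentions: the message reports an OCSP responder name that resolves to multiple addresses and behaves differently from different networks, so this Python check resolves a responder URL to every address returned and tries a TCP connection to each. The function names and verdict strings are this example's own, and a successful connection shows only that the address accepts TCP, not that it returns a valid OCSP response.

```python
import socket
import sys
from urllib.parse import urlsplit

def resolve_all(host, port, resolver=socket.getaddrinfo):
    """Return each distinct address for host, in resolver order."""
    addrs = []
    for *_, sockaddr in resolver(host, port, type=socket.SOCK_STREAM):
        if sockaddr[0] not in addrs:
            addrs.append(sockaddr[0])
    return addrs

def probe(addr, port, timeout, connect=socket.create_connection):
    """TCP-connect to one address; this does not validate any OCSP reply."""
    try:
        with connect((addr, port), timeout):
            return "reachable"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "failed: " + type(exc).__name__

def check_responder(url, resolver=socket.getaddrinfo,
                    connect=socket.create_connection, timeout=5.0):
    """Probe every address behind the responder URL; return (results, verdict)."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        addrs = resolve_all(parts.hostname, port, resolver)
    except socket.gaierror:
        addrs = []
    if not addrs:
        return {}, "unresolvable"
    results = {a: probe(a, port, timeout, connect) for a in addrs}
    up = sum(1 for r in results.values() if r == "reachable")
    # "partial" means the outcome depends on which address a client is handed.
    verdict = ("all reachable" if up == len(results)
               else "partial" if up else "unreachable")
    return results, verdict

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_ocsp.py <OCSP responder URL from the certificate>")
    else:
        results, verdict = check_responder(sys.argv[1])
        for addr, status in results.items():
            print(f"{addr:40} {status}")
        print("verdict:", verdict)
```

Running it from each network in question, with the OCSP URI taken from the certificate, shows whether the addresses handed out there accept connections.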
