CAcert System Admins discussion list

["Philipp Gühring" <pg AT futureware.at>]

Hi,

>  165938 ocspd/1.0

That´s from OpenCA. Hmm, but why so many of them? I did not expect many
people actually using it.

>   43549 Microsoft-CryptoAPI/6.1
>   35210 ocspd/1.0.1
>   29081 -
>    9968 Microsoft-CryptoAPI/5.131.3790.3959
>    9480 Mikrotik/6.x Fetch
>    8648 ocspd (unknown version) CFNetwork/520.5.1 Darwin/11.4.2
> (x86_64)
> (iMac12%2C2)

Oh, it seems that Apple is using ocspd, but it could be a differnet one
than OpenCA ocspd.

>    7064 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
>    6737 ocspd (unknown version) CFNetwork/520.5.1 Darwin/11.4.2
> (x86_64)
> (MacBookPro8%2C1)
>    5274 Microsoft-CryptoAPI/6.2

> I'd be quite curious to know which software is using ocspd/1.0
> or ocspd/1.0.1 as its agent string, since it seems be responsible
> for  more than 50% of the load on crl.cacert.org.

> By the way, we are working on some external firewall changes, which
> intend to achieve two things:
> 1. offer rsync as an alternative (and MUCH more efficient) method to
>    retrieve the latest CRLs;

> 2. log the IP address of crl.cacert.org users, so we can determine
>    our load sources more accurately.


Best regards,
Philipp Gühring