crl.verisign.com is ok?

CRL stands for Certificate Revocation List. Any standards-compliant, certificate-signed program will check the CRL to see if the program's signature has been revoked by the issuer. Contrary from being a security concern, this check makes sure your program is authentic.

You can prevent its access by either adding "crl.microsoft.com" and/or "crl.verisign.com" to your blocking file (HOSTS, PAC, DNSKong, etc), or by UNCHECKING "check for publishers certificate revocation" in your IE browser (TOOLS/INTERNET OPTIONS/ADVANCED tab/SECURITY section). [I am not sure if the last method will prevent access to Verisign's CRL.] More information available in this Microsoft Knowledge Base article (so you can make up your own mind whether to disable it):

Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign

"dontb" wrote in news:pAGJc.3043$Zr.1746@okepread01:

CRL = Certificate Revocation List

The simile that I've seen mention is:

- You present a check and ID to the sales clerk at the cash register to buy something. You profess to be person X.

- The sales clerk calls the bank to get a refreshed list of known bad checks (that they currently know about).

- They scan the list of bad check accounts to see if you are on the list.

- If you are on the list, they refuse the sale (i.e., revocation).

- If you are not on the list, you are presumed to be the person presenting the check.

If you get a digital signed or digtally encrypted e-mail using x.509 certificate, your e-mail client phones the CRL Authority (CA) listed in the certificate to verify the identity of that certificate (actually it just verifies whether the certificate is still good or not). Some software is also digitally signed. Norton AntiVirus will periodically require a check on its certificate (I'll get a prompt from the firewall from NAV to connect to crl.verisign.com).

Which firewall are you using? Doesn't its prompt telling you about the CRL connection doesn't also list the program that is requesting that connection? Maybe its logs will expose the program trying to make the connection. Perhaps it has an option to popup a window showing that an unauthorized-as-yet program is trying to use an already authorized program to make a connection (i.e., an option to show if a program is calling another program to make the connection). Norton Internet Security has that option. For example, I'll be in a help file and click on a web link and NIS will tell me the help program is asking IE to make a connection.

I would guess at some kind of X.509 -aware application trying to update certificate revocation lists.

Thor