Recent Events for foo.be MainPageDiary (Blog)

Diary

Alexandre (adulau) Dulaunoy's messy desk or blog

My blog is a kind of non-consistent space where I put (when I have the time) some thoughts, ideas or stuff I want to share with the potential reader (human or not). There is no one single theme for my blog but it's ranging from Computer Science to Gardening and always with an important touch of freedom. The blog is running on Free Software with oddmuse.

2013-04-01 Information Visualization Is Just A Starting Point

Keywords in Common Vulnerabilities and Exposures Quantité des déchets ménagers collectés sur la Province de Luxembourg - année 2012

Information Visualization Is Just A Starting Point

Information visualization is not an end but just a step to improve our understanding of data. Following a small discussion in the train about the visualisation of open data, I did a small experiment to analyse the statistics about the waste collection in my region. The result of this experiment is available along with some random notes. But the main question came from someone else looking at the visualization and basically told me: "I don't get it". He is right, the experimentation is just there to trigger more analysis (and sometime more visualization) with the objective to improve our understanding. Initially, the source of data is usually not analysed and sitting there waiting to be understood. Coming back to the data about waste collection, the initial discussion about the understanding or interpretation wouldn't be triggered if the first step of visualization is not done.

So in that scope, I tried a similar approach with a dataset I built from my cve-search tool. My idea was to see the terms used all the description of the Keywords in Common Vulnerabilities and Exposures (CVE). I did a first CVE terms visualization experiment and then I twitted about it. Then, this was triggering various explanations like why there is a predominance of some terms as commented by Steve Christey.

It clearly showed that is an iterative process especially to better understand the data. It's also an interactive process in order to improve the visualization and the data source. Following the good advise from Joshua J. Drake, I added a lemmatizer to keep only the root of each term and also exclude the standard English stopwords. With the visualization, we saw from some occurrences (e.g. unknown or unspecified) that the CVEs are based on incomplete information.

I'm quite sure that is not finished and just the beginning of more work and experiments in visualization. I read various books about information visualization but the result is often very static and you don't really see their iterative process to reach their visualization goals. Sometime, you just see a result without the process and the tools used to make the visualization happens.

At least with free software like D3.js, we have now a set of tools to understand how the visualization was built and maybe improve/discuss those visualizations. At least, if you want to play or improve the visualization of terms used for software vulnerabilities description, let me know.

You want an open mind, but not an empty head. Just because something is a new or fashionable alternative, doesn’t mean we need to get stupid when judging it. Edward Tufte.

2013-02-23 Vulnerability Management Is Just An Approximation

Everybody needs a hacker

Software Vulnerability Management Is Just A Huge Approximation

Approximation is a representation of something that is not exact. To be extremely exact vulnerability management is not even a mathematical approximation like we know it for Pi value. But from where this utterly huge approximation is coming from? The first origin is the inner definition of "vulnerability management". If you look at various definitions like the one from Wikipedia or some information security standards, you have something like "it's a process identifying → classifying → remediation → mitigation of software vulnerabilities". Many information security vendors might told that is an easy problem but you can ask yourself if this is an easy problem why so many organizations are still compromised with software vulnerabilities.

In my pragmatic eyes, it's very broad, so broad that a first reaction is to split the problems into parts that you can solve. If we just look at the initial step to identify software vulnerabilities.

To solve this problem, the first part is to discover, know and understand the software vulnerabilities. Everyone is discovering vulnerabilities everyday (just look at how many bug reports are going into the Linux Kernel bug tracking software) and very often when you report a bug, you don't even know if this is a software vulnerability. The worst part is that an organization (or an individual) doesn't exactly know what software they are running. If someone is telling you that they have a "software vulnerability management" software that is able to detect all the software running on a system, it's a lie. If such software would exist, you would have the perfect software that would be able to solve the virus detection issue while solving the Turing's halting problem. Just look at a simple software appliance and the set of software required to run the appliance.

Discovering vulnerabilities might be easy but it's difficult to be exhaustive. Even if a vulnerability is found, there is a market to limit their publications (like zero-day vulnerability market). For a named software, there is might be a large set of unknown vulnerabilities (I'm tempted to talk about Java but I think every software might fall into that category). Does this mean that you should give up? I don't think so. You must work on your vulnerability management but don't trust blindly solutions that claim to solve such issue.

Finally, my post is not a bashing post as it was an opportunity for me to talk about a side project I'm working to ease collecting and classifying Common Vulnerabilities and Exposures (CVE). The project is called cve-search and it's not a complete vulnerability management just a small tool to solve partially the identification and the classification part.

“When he time comes to leave, just walk away quietly and don't make any fuss.”– Banksy

2011-12-25 Against SOPA or How To Do Soap

I'm against SOPA... So I'll explain how to make soap with olive oil

One more time, some lobbyists try to regulate the Internet with some of the stupidest laws or rules. SOPA (in US) is again one of this tentative to break down the freedom of citizen worldwide to preserve some archaic business model. As I have a preference for concrete action leading to a direct social improvement, I'll explain how to do soap (it's better than SOPA and more useful, please note the clever inversion of the letters). My soap recipe is released under the public domain dedication license (CC0).

Stop SOPA make SOAPStop SOPA make SOAP

Safety Disclaimer

Doing soap is a chemical process that requires your full operating brain. Especially that you'll use sodium hydroxide that is a corrosive substance. So respect the proportions, the process and read the whole process multiple times before doing it. Wearing protective gloves and goggles is highly recommended. Avoid to use kitchen instruments in aluminum as it will be attacked by the sodium hydroxide.

Background of the chemical process

Doing soap is one of the first chemical process discovered by the humanity. The process is called saponification that is done by using a base to hydrolyze the triglycerides contained in the fats (organic or animal). This process generates a fatty acid salt along with the glycerol (the greasy touch of the soap). Each fat has a specific value for its saponification. The saponification value (usually called SAP in saponification tables) is expressed by the required volume of base (usually sodium hydroxide) to saponify 1 gram of fat. The saponification value is reduced to keep the resulting soap a bit fat (what is called the "excess fat"). I find it even convenient to keep a "safety" bound to ensure that the hydrolyze is complete and used the whole sodium hydroxide.

So that's the basis if you want to build your own soap, there are other rules to consider but for this recipe this is enough. In my case, I use olive oil as a fat. Easy to find and I have a preference for organic olive oil (to ensure that the oil producer is taking care of its environment). But you can use non-organic olive oil too (it's usually cheaper).

Ingredients

  • 1000 grams of olive oil
  • 124 grams of pure sodium hydroxide / NaOH (as the olive oil has a SAP factor of 0.134 and we want 7% of over fat → run bc and type (1000*0.134)*0.930) (total weight of fat *SAP factor for the fat)*(0.900<->0.960))
  • 350 grams of tap water (usually between 31% and 35% of the total fat. In this recipe ~ 1000*0.350)

Process

  • Put your protective gloves and goggles
  • Prepare the sodium hydroxide by putting the sodium hydroxide in water (!put the sodium hydroxide in water not the reverse!).
  • and monitor the temperature of the prepared sodium hydroxide to reach around 46-47 Celcius degree (it will start at 80 Celcius degree with the reaction).
  • At the same time, warm the olive oil until 46-47 Celcius degree.
  • When both are at the same temperature (around 46-47 Celcius degree),
  • you can start to mix (using a mixer speed up the process) the warmed olive oil by incorporating the prepared sodium hydroxide. (!use a large pot to avoid projection of the prepared sodium hydroxide while mixing!).
  • When you start to see that the mixture is becoming consistent (especially that you can see a trace while removing the mixer) it means that's you reach the critical point.
  • When you have an homogeneous consistence, you can put the result into a plate.
  • Put a plastic film into the plate touching the mixture (to avoid oxygen to be in contact with the prepared soap).
  • In the next hours, you'll the "gelification process" where the soap is becoming a gel (usually starting from the center).
  • After 24 hours, your soap is becoming harder. (see above picture)
  • You can can remove it from the plate and cut the forms you want from your block soap.
  • And the soap must dry for the next 4 weeks in a dry and clean place. (see above picture)

Tags:

2011-12-17 Certificate Revocation Reasons 2011

X.509 Certificate Revocation Reasons in 2011

I'm automatically fetching the certificate revocation lists (CRLs) of all known public CAs. As of Today (17th December 2011), I compiled the reasons of certificate revocation. That's pretty interesting to see the revocation process within CAs and the CRL is usually the only public information we have. As the reason is a non-critical CRL entry (section 5.3.1 in RFC 3280 - RFC 5280), the situation is even worst because the majority of certificate revocation is without any reason. In this blog entry, there are only certificate revocations with a reason entry set.

So having a reason is already a good step for a CA to be transparent on their operations. Now if we have a deeper look on the revocation reason, you will see that is not always enough to understand the context of the revocation and especially what has been really revoked.

 678039 Cessation Of Operation (code 5)
 172888 Unspecified (code 0)
  89823 Certificate Hold (code 6)
  88788 Superseded (code 4)
  76445 Key Compromise (code 1)  
  43482 Affiliation Changed (code 3)
   3910 Privilege Withdrawn (code 9)  
    230 CA Compromise (code 2)
      1 A A Compromise (code 10)  

The reason "Unspecified" should not be used as recommended in the RFC "however, the reason code CRL entry extension SHOULD be absent instead of using the unspecified (0) reasonCode value." but as you can see it's still largely used. That's probably the behaviour of a software largely used in PKI 1.

The reason "Certificate Hold" is still largely used but its use "is strongly deprecated for the Internet PKI." as mentioned in section 5.3.2 of RFC 5280.

On the security side, the reason "Key Compromise" is regularly used showing the reality of compromised private keys. That reality is also shown with all the different malware (e.g. SpyEye? or Banker Trojan) capturing "private keys" on infected machines.

The single entry in code 10 - (aACompromise)

   Issuer: /C=DE/O=T-Systems International GmbH/OU=Trust Center Services/CN=TeleSec ServerPass CA 1

...
    Serial Number: 43ADFDBE62CB0820
        Revocation Date: Dec 14 13:00:51 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                10

What can we say on that one? that the certificate with the serial number 43ADFDBE62CB0820 has been revoked recently with the reason code 10 (aACompromise). I couldn't find a clear definition of that reason in the standard. If you have any ideas, let me know.

230 entries with reason CA Compromise (code 2)

With the recent incidents in different CAs (from Comodo to DigiNotar?), everyone should be interested in the reason code 2 used when a CA is compromise. In those cases, that's usually intermediate CAs as the standard is not very clear about the revocation process of self-signed/root CA. But that's again a matter of interpretation of the processes…

Here is a list of the entries found in CRL with a reason "CA Compromise" (You'll see ones matching publicly disclosed incidents but for some others, questions are open):

some might be duplicate as CRLs can be duplicated. In that scope, I generated a list of CRLs URL with an MD5 hash of their output to detect the different CRL URL providing the same revocation list. http://www.foo.be/crl/crl-synonyms.txt

        Issuer: /C=IT/O=Actalis S.p.A./OU=Certification Service Provider/CN=Actalis Server Authentication CA
...
    Serial Number: 031DFC
        Revocation Date: Feb 25 10:29:27 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Feb 25 08:29:25 2011 GMT
            X509v3 CRL Reason Code: 
                CA Compromise

    Serial Number: 0329A2
        Revocation Date: Mar 30 12:29:32 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Mar 30 11:29:31 2011 GMT
            X509v3 CRL Reason Code: 
                CA Compromise

        Issuer: /C=DE/O=T-Systems Enterprise Services GmbH/OU=Trust Center Deutsche Telekom/CN=NetPass CA 3
...
    Serial Number: 42BD
        Revocation Date: Apr  6 10:37:00 2009 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
    Serial Number: 42BE
        Revocation Date: Apr  6 10:52:00 2009 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
    Serial Number: 4284
        Revocation Date: Mar 19 21:52:00 2009 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
    Serial Number: 42BF
        Revocation Date: Apr 11 13:27:00 2009 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
    Serial Number: 41B4
        Revocation Date: Feb 19 12:18:00 2009 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
    Serial Number: 4592
        Revocation Date: Aug 26 11:13:00 2009 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
    Serial Number: 4218
        Revocation Date: Mar  4 10:37:00 2009 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise

       Issuer: /C=CH/O=WISeKey/OU=Copyright (c) 2006 WISeKey SA/OU=International/CN=WISeKey CertifyID Advanced Services CA 1
...
    Serial Number: 24F1FD29000000000E9A
        Revocation Date: Jan 19 13:35:08 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
    Serial Number: 2996F242000000000E2B
        Revocation Date: Dec 28 12:07:34 2010 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
        Issuer: /C=BE/O=KBC Group/CN=KBC Group Server CA
...
    Serial Number: 27
        Revocation Date: Apr 25 11:35:55 2008 GMT
        CRL entry extensions:
            Invalidity Date: 
                Apr 24 23:35:00 2008 GMT
            X509v3 CRL Reason Code: 
                CA Compromise
        Issuer: /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Overheid CA
...
    Serial Number: 013169B0
        Revocation Date: Sep 28 09:58:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
        Issuer: /C=CL/ST=Region Metropolitana/L=Santiago/O=E-CERTCHILE/OU=Autoridad Certificadora/CN=E-CERT CA/emailAddress=sclientes@ccs.cl
...
    Serial Number: 1A7E8043000100000009
        Revocation Date: Sep 11 16:52:24 2008 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
        Issuer: /C=US/O=SAIC/OU=PKI/CN=SAIC Public Issuing CA 01
...
    Serial Number: 4E9AC5F6000000000013
        Revocation Date: Mar 30 22:42:59 2005 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise

Issuer: /DC=com/DC=telstra/DC=dir/DC=core/CN=Telstra RSS Issuing CA1
...
    Serial Number: 368D72CB000000000331
        Revocation Date: Sep  5 02:12:49 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise

The ones from DigiNotar?. As you can see the extended attributes with the Invalidity Date seem to be incorrect for DigiNotar? as the breach was discovered to be much earlier. As explained in RFC 5280 (section 5.3.2),

"The invalidity date is a non-critical CRL entry extension that provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid". I hope there are not any malicious software signed with those revoked keys…

Issuer: /C=NL/O=DigiNotar/CN=DigiNotar Extended Validation CA/emailAddress=info@diginotar.nl
...
    Serial Number: 022E35B1ACD40F040C444DF32A7B8DE6
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 028CF7556F8BE27026800448FA6AA527
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 03124C25849D9E49BC2A2FAD3E10C8A4
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 0370390E48A7F26AA62188A79E612DC3
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 03894A069EA682581E47A295BF0C2F0F
        Revocation Date: Nov  1 11:22:57 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:57 2011 GMT
    Serial Number: 044297A4F4E21750B9CC70A72CE9EBEB
        Revocation Date: Jul 14 09:53:45 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jul 14 09:53:45 2010 GMT
    Serial Number: 04841B82A9D81E44CB4F2D98CFE7C374
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 04ED97B8E5DEC80B4DE778E86F18FBB7
        Revocation Date: Nov  1 11:23:05 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:05 2011 GMT
    Serial Number: 0590B310AEFC7A3EDC03ECA2A6F6624F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 05E2E6A4CD09EA54D665B075FE22A256
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 06A0E8BCC4F603D5C3C440DCBFF23089
        Revocation Date: Nov  1 11:27:24 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:27:24 2011 GMT
    Serial Number: 06D960B14B3F464EC71C8FA8D076F459
        Revocation Date: Nov  1 11:34:08 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:34:08 2011 GMT
    Serial Number: 071FAE720C8354F1DC28057383BE191D
        Revocation Date: May  6 07:46:50 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May  6 07:46:50 2011 GMT
    Serial Number: 07B546E8E002FC5854651BE31802F96D
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 07BC72A463D4DE33B2BE733D6FAC991D
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 09369288E36D7AFFEE94EA81998FA316
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 0954E1AB9141ED7E8B640FE681046451
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 0A6DFACFDEAE74A816031534BE90B75A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 0B41ABEE6F4168D3CDE5A7D223B58BC1
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 0DEBD87C3BC2A924DFC80FA7AEF366D3
        Revocation Date: Nov  1 11:13:05 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:13:05 2011 GMT
    Serial Number: 0E0886EEAA119CF14F1C54387060929A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 0FF4031F07818A304ADF704B72B03EDA
        Revocation Date: Jul 18 08:17:02 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jul 18 08:17:02 2011 GMT
    Serial Number: 11661878CCE9DC337CEEBB16E30F9A3A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 121378A6DE0A13DDB295106E912A4E14
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 12E6AFD41A145754D1115068B869CEE8
        Revocation Date: May 12 10:18:03 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                May 12 10:18:03 2010 GMT
    Serial Number: 1348E0D85921963F7AD11A23E7FF6E32
        Revocation Date: Nov  1 11:28:55 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:28:55 2011 GMT
    Serial Number: 13548FC160BC5C9F315AE28CDB490E36
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 13A757022817C0514A5C142FE9BF143A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 13B0368A65AAE03134DACB69F7E01067
        Revocation Date: Jul 20 14:46:30 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jul 20 14:46:30 2010 GMT
    Serial Number: 168195E124D2776EC95DE48093C908F8
        Revocation Date: Apr 11 11:31:21 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Apr 11 11:31:21 2011 GMT
    Serial Number: 170370B60D515F164119BE54FD55E1ED
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 171A8599EDE711A3315BC7D694CEBEC6
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 17CF5474D5A8B4E735E69E017CEC2F37
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 1836289F75F74A0BA5E769561DE3E7CD
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 1890BAD2FAE1E593FB013F708CBB7A7E
        Revocation Date: Dec  2 15:01:18 2009 GMT
        CRL entry extensions:
            Invalidity Date: 
                Dec  2 15:01:16 2009 GMT
    Serial Number: 192EFE2CFB1F3EB3731B7335518B3EF8
        Revocation Date: Nov  1 11:30:13 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:30:13 2011 GMT
    Serial Number: 1A89324D6D3E6DE6726C688BFF225DDD
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 1C6EA2DA6ECED5C5C761BCA9CA4C5308
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 1D064DDBD7F8C8C86115CFE7D9CFFB02
        Revocation Date: Jun  5 09:36:17 2009 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jun  5 09:36:17 2009 GMT
    Serial Number: 1DCF02113D01BAE855A83A46BFB12DB5
        Revocation Date: Nov  1 11:22:03 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:03 2011 GMT
    Serial Number: 209920C169512D3EB4A1ED7CAD17D033
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 226F7B79306DD674708A06A6355E700A
        Revocation Date: Jul 14 09:56:39 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jul 14 09:56:39 2010 GMT
    Serial Number: 26C4B88E803C3C1592F09FE5468140BA
        Revocation Date: Oct 20 10:23:38 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Oct 20 10:23:38 2011 GMT
    Serial Number: 271293D4BF3AAACF1B4B5926B8548DE6
        Revocation Date: Nov  1 11:33:54 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:33:54 2011 GMT
    Serial Number: 2734EA4F3C1908BDA1F899230CFDA7D1
        Revocation Date: Nov  1 11:11:23 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:11:23 2011 GMT
    Serial Number: 2ACBA14BB6F65F7BD0A485BFCB6D023F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 2B05E0B5E470CFB76EA79A631705F566
        Revocation Date: Nov  1 11:30:28 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:30:28 2011 GMT
    Serial Number: 2B1EA767EC59E46364BC2DF9B1F30B97
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 2D711C9CB79EC15445747BFE3F8BC92F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 2EFC7F5D32686556FFBA6E7B0FB99336
        Revocation Date: Nov  1 11:25:39 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:25:39 2011 GMT
    Serial Number: 2F5ABFDCCAB1A2927E54283296F19FB8
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 2F88BF04DFA66B598E3999498924D602
        Revocation Date: Nov  1 11:30:24 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:30:24 2011 GMT
    Serial Number: 30170F15A240446E6B482E0A364E3CCA
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 30DF96D87EEC8CA77A135ECCAB1AD25E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 30F6821637DC7B7296D4BA87FFFD021C
        Revocation Date: Jun 17 12:40:26 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jun 17 12:40:26 2010 GMT
    Serial Number: 31C149639E372109B4E83FC34C4C6E77
        Revocation Date: Dec  2 14:50:07 2009 GMT
        CRL entry extensions:
            Invalidity Date: 
                Dec  2 14:50:04 2009 GMT
    Serial Number: 31CE974DBE9F2695E897CDCC20AF4A28
        Revocation Date: Jul 14 10:01:38 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jul 14 10:01:38 2010 GMT
    Serial Number: 327B9A443C49018D7B0A97B6EC2254B8
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 33BD6F9B3ECD7FCB3DDF71E11BD1082B
        Revocation Date: Jul 14 10:00:40 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jul 14 10:00:40 2010 GMT
    Serial Number: 351803DDAD7801C38D52B807A2945F71
        Revocation Date: May 23 10:09:29 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May 23 10:09:29 2011 GMT
    Serial Number: 35C54E845AE855F818504C8C189F52C7
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 35FBDCDF923F99B5E1C5FF4423B715B8
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 3913B1E1C35BDDF02CE03C916E8AA638
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 39936336286F843756FC4BC296D7A8E0
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 39953BF6383A00D29BEB377568E3DE7A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 39B5DD0ECC85C3F62A72391DC055F561
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 3A32AAA9DFE2CA7F9E003885E316944B
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 3CDCD81930F91AC0B990664931E5412E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 3D2BC95A85EF539A68DAC84542A1AE7A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 3EA0F90DE57187FC7E1AC45AE44D16C6
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 3F8A5EA1756DDF4A6B6F2645B4911486
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 3F8C9CDAACBB533AE94F47456819FA0E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 40535CFBB2286E48F3B4D2CABDBBE645
        Revocation Date: Nov  1 11:33:27 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:33:27 2011 GMT
    Serial Number: 40AD07456B7B2F6A8AE84658CC420BF6
        Revocation Date: Nov  1 11:22:30 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:30 2011 GMT
    Serial Number: 4157D99E46A3E45E6130A95645410DAC
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 4455B43B9173CBAE4E247272EE2573D5
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 44C287C1C3697367B0E6CB78A78C1DF5
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 4813656784FB44665A84DE8759978140
        Revocation Date: May 19 10:59:30 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May 19 10:59:30 2011 GMT
    Serial Number: 4A6D90618A5CA6797C768C03C860C4F8
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 4ADA28D281D3D14D19FB782D64086D0C
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 4CF54389AAE1572E694906522539EDFD
        Revocation Date: Nov  1 11:13:29 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:13:29 2011 GMT
    Serial Number: 4D556B338FAA020979A740B4C3AEE28C
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 4DD0497CBAABBA058574A611B26151BA
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 4FC2D72D6427CABBE3E859453865F43B
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5087EC958715FE181BA444116E915CDF
        Revocation Date: Nov  1 11:22:54 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:54 2011 GMT
    Serial Number: 51071B7B15F90AB74BF144D78D8631EB
        Revocation Date: May  6 07:46:49 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May  6 07:46:49 2011 GMT
    Serial Number: 5132F0FCB3F8DCAA501C620575D33FEE
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5298BCBD11B3952E3FDDC6FDD6711F5C
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 53B53BF2F74997EBEB2577D63DA692B7
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 54A13D6B84557F532352D1DA947E7552
        Revocation Date: Nov  1 11:23:05 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:05 2011 GMT
    Serial Number: 54D153376CC124A49F1B9F9E5ECF862C
        Revocation Date: Jun 17 12:39:26 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jun 17 12:39:26 2010 GMT
    Serial Number: 5563605FDC2DC865E2A1C32995B5A086
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 56A1C36F0A507314C0D10B8631DEB8A0
        Revocation Date: Nov  1 10:31:35 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 10:31:35 2011 GMT
    Serial Number: 56EF1EE54D65EF7B39AF541E95BB45A9
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5814A731F3590CC163548788E1A20344
        Revocation Date: Nov  1 11:30:28 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:30:28 2011 GMT
    Serial Number: 58C18B290620E18B8C78AC1912E5DCD7
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 591262B97E1974E4BD29335D50A0B000
        Revocation Date: Nov  1 10:30:34 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 10:30:34 2011 GMT
    Serial Number: 59F8BDDA3F56D8026FAB6E3130F5D843
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5B8E5202EC6769F2389605D33DC245B2
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5CEBD524469A075FB6B42D06C9BF27AD
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5D4352671C39616670B2F34C173A1F63
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5D8D0D43611275982E6A5490E7F87BD7
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5D8F8D78B0C19EF4479F744DECBD84BC
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5DD6A72747D90C018B63F959DFE7C976
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5E6F7C4A0E7B9B1CEC7AF0CAAB4AE9B0
        Revocation Date: Nov  1 11:33:27 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:33:27 2011 GMT
    Serial Number: 5F3C1BDC7A2BCD47ABAF0C8E62D9F757
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 5FFA79AB76CE359089A2F729A1D44B31
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 601315BB085FECF29538DA3F9B7BA1CE
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 604B3E3BEE932F5CAE4CA3AAA31C368D
        Revocation Date: May 31 08:50:27 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May 31 08:50:27 2011 GMT
    Serial Number: 60AC58FC2B5EEF9A6AEF273104D46FAA
        Revocation Date: Nov  1 11:22:06 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:06 2011 GMT
    Serial Number: 61BF9A0FF2CE9D55D86BC063839F72F4
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 61D11B35765ECB85890D5349786D9FCA
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 61FBB5CFCBC7CCF3351ABAACFA498B49
        Revocation Date: Jul 20 14:46:31 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jul 20 14:46:31 2010 GMT
    Serial Number: 62BF5A170CC779ADE7EF0090F395D5E6
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 63DEB17D722ACD0C4AF5F59F4D278D2D
        Revocation Date: Nov  1 11:22:42 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:42 2011 GMT
    Serial Number: 6410577C738133297472F6C22C2BB397
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 6580BE22A0566352B9622777BFCB7164
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 65A925E578098658FADA30E9FB67B5E4
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 65E34D749EDD5E8B3B4DA5020146AF54
        Revocation Date: Nov  1 11:22:29 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:29 2011 GMT
    Serial Number: 67887932934DFF086153CA905E7DE9EE
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 68F252CD36F2798A2182F6406A31A5A2
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 698868F3B58F9A1377ECD98AC441F804
        Revocation Date: Nov  5 11:25:03 2008 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  5 11:25:03 2008 GMT
    Serial Number: 6B339433956F1505104BB231314A153E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 6BACB6C5B74FA747A3CF375EC3095035
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 6BEC7FB77BF883E1F7617E19470937FF
        Revocation Date: Jul 14 10:01:39 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jul 14 10:01:39 2010 GMT
    Serial Number: 6BF3BEB26AFF31116200B14F4378C33B
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 6C1950AA83F4663F1BA063B5275C25EC
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 6D6225040EBB834EE0C32828C5E0C6B4
        Revocation Date: May 30 09:05:27 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May 30 09:05:27 2011 GMT
    Serial Number: 6D6327E75F51B624D0583DE073B93849
        Revocation Date: Nov  1 11:27:24 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:27:24 2011 GMT
    Serial Number: 6DC30A0902BB80E1724661407AA3E264
        Revocation Date: Nov  1 11:06:21 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:06:21 2011 GMT
    Serial Number: 6DD6E103C848A1666FE01F6B8C639FE6
        Revocation Date: May 26 08:50:28 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May 26 08:50:28 2011 GMT
    Serial Number: 6E6D052B5ABC015C779EA3500FA11A28
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 6FA3C48173B3B289943F113A8CD9DB8C
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 6FED5501435113C516B5D321080ABAE2
        Revocation Date: Nov  1 11:29:46 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:29:46 2011 GMT
    Serial Number: 7034FBF641CEB257FC109A6819D19DA0
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 706BBC770C62D41DD799721ABD1868AB
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 7073C6C01DEE4E158F554555F697F7D9
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 720DF591261D710ADC73127C1BC4303D
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 72515CF15799BAC3279DE7F085D0D2B8
        Revocation Date: Nov  1 11:23:16 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:16 2011 GMT
    Serial Number: 72CBC4824C6215B139FDE6BA10DAC6AD
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 7352C61297D6B04E874EDAD12480F78E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 752A2D0325A3D34D9F5198C2F5C92A6C
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 75D94CFF95CFD7D501CAA49D67059D83
        Revocation Date: Sep 12 13:51:19 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Sep 12 13:51:19 2011 GMT
    Serial Number: 763B0C2A7B83066A9D995C8C4FD9E35E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 79C03FE0C81A3022DBF8143B27E40223
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 79DCFDA2700E06F8EAA640BA9B827810
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 79F4CCD54A6258238C3B646D6790B3FA
        Revocation Date: Nov  1 10:50:40 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 10:50:40 2011 GMT
    Serial Number: 7A61A7778842E502E2291166C4574485
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 7AA6F591D55ED1A26B6349B95E53A90E
        Revocation Date: Dec  2 14:52:13 2009 GMT
        CRL entry extensions:
            Invalidity Date: 
                Dec  2 14:52:11 2009 GMT
    Serial Number: 7B49341AD59BA61FB9452E7E9EF41131
        Revocation Date: Mar 22 12:49:27 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Mar 22 12:49:27 2011 GMT
    Serial Number: 7DD8E0E1906C1754E11E901927CCABBD
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 82072FC8F8DD7E6C0ECE9B47185F0521
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8259C3E1DB6C2C9B7FCD6A305EADEFE4
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 826A3652F447B94D97BF8642B6C43ED0
        Revocation Date: Nov  1 11:23:13 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:13 2011 GMT
    Serial Number: 82BC18B1AA5D59C61D0EFDBEA7664C08
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 82C42F0EDC18BD751727BE5C54413EF7
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 83443EFF2B97F651CF726314BE9244F1
        Revocation Date: Nov  1 11:08:41 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:08:41 2011 GMT
    Serial Number: 8499A4C27A73A4960B9466D0F1B8C682
        Revocation Date: Sep 12 13:51:20 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Sep 12 13:51:20 2011 GMT
    Serial Number: 84BE5D762F37E9018D623C8E91F4D924
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 84C17C9A9979DD3C5E9A21AD2FDBD32F
        Revocation Date: Nov  1 11:25:39 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:25:39 2011 GMT
    Serial Number: 8625B32398C2722D96E7B972580A0238
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8779917563EC38B7746B8ECAFE239BE6
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 877CBBF23F1B414E1D8E64F773E0B1DA
        Revocation Date: Nov  1 11:27:22 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:27:22 2011 GMT
    Serial Number: 8922A9A23BE960FFE9707A0B3F4D75BD
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8A7075422239D800F5C2241E3BBB1FF5
        Revocation Date: Nov  1 11:26:06 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:26:06 2011 GMT
    Serial Number: 8B0EABAF922D4C6E6917FCBE365DD64A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8BA800DDDD865B6BF3A85ADEC4C29730
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8C605DFAA0EC88CDB7D12F7250C9F53A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8C805CB17FA0B6CB52F97BC32EFC777F
        Revocation Date: Oct 20 10:23:38 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Oct 20 10:23:38 2011 GMT
    Serial Number: 8CC0DCE80E8FB817402FE9824F60467C
        Revocation Date: Nov  1 11:27:12 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:27:12 2011 GMT
    Serial Number: 8CC74931E64061491652CC169C8BAAB3
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8CF1F45323EC5AB449451E7A9476CFDC
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8D09D4B98DE67C9E9C7C18CB72AD2418
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 8ED896B9A622FF24559A3429E5888E0A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 901F30DB86EEB1666F5A8CAE1C7BD08B
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9084442344A7B0DD3A29785D32D52373
        Revocation Date: Nov  1 11:33:27 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:33:27 2011 GMT
    Serial Number: 90DB656E273476CC836778255582FA8B
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9246D260478416265FA69422399D9E84
        Revocation Date: Nov  1 11:30:22 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:30:22 2011 GMT
    Serial Number: 9526110705F420A120D83E2CD67DD234
        Revocation Date: May  9 12:54:48 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May  9 12:54:48 2011 GMT
    Serial Number: 96C61AB47F742F75B1CDE399E2C41D27
        Revocation Date: Nov  1 11:27:21 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:27:21 2011 GMT
    Serial Number: 9854D0D12C9C7E71890238CFB5202F75
        Revocation Date: Nov  1 10:29:07 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 10:29:07 2011 GMT
    Serial Number: 9952073595776A3D7A8101664A56AB96
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9A3A951BE27E0729726FD8B80060E7E1
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9AD82BE2FED538B10BDFBD229A8A5AEA
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9AD9E57E014C69EA389DB5E9EEA13817
        Revocation Date: Apr  7 07:10:22 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Apr  7 07:10:22 2011 GMT
    Serial Number: 9C79C9FE16727BAC407B4AA21B153A54
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9D06313F21A4EDF734C324FFBCB9E2B5
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9EDCB5E1FE1255A2F1D7FC52C4AFA3B1
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9F7DDFE3CAAD224EC6BD68B60DE78550
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: 9FD4E57DFA86E9F336DECE29FDB45333
        Revocation Date: Nov  1 11:22:51 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:51 2011 GMT
    Serial Number: A0563ABE2463550206DAC6B760D71C23
        Revocation Date: Nov  1 11:27:24 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:27:24 2011 GMT
    Serial Number: A076DA72A8C8E2137F05FE3FA59870EB
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A07CB7881E35C91FD9C5D20F6102572C
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A0B56D8688716223980DA762DBCABC3C
        Revocation Date: Aug 18 12:05:16 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Aug 18 12:05:16 2011 GMT
    Serial Number: A5029D6A057D50D20ECFE0E528EDA067
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A5F6F149B468683318DC178F4208E237
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A640A29E706AF38557B86619EAF45E7A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A67C22A6E1F9D87799548EBFC7D5527E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A6B85A1F2131478C77066D87A45C3D51
        Revocation Date: Nov  1 11:22:14 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:14 2011 GMT
    Serial Number: A8031D608F6549941879981764674DD7
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A81686CEFDEFFCE82B8DBF100E1395F1
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A869B96BCDF1D474C0714763AA34A8C9
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A90F1BB43E9DB5EDFC60C15FB897C593
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: A91875623F828C3ECA477D4BBA8D8C90
        Revocation Date: Nov  2 15:00:19 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  2 15:00:19 2011 GMT
    Serial Number: A91F5E418BAB825B4E7EE9374BCCD564
        Revocation Date: Nov  1 11:30:27 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:30:27 2011 GMT
    Serial Number: ABB21F43553F2695031A1C85355D7F1C
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: ADB59A303C6260DBE466F0149AB11A4A
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: AE5A97E205DCFB13B679E02617BC7E86
        Revocation Date: Nov  1 11:23:03 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:03 2011 GMT
    Serial Number: AF5563842A85D49EDB4352C0BF0DF76B
        Revocation Date: Nov  1 11:33:35 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:33:35 2011 GMT
    Serial Number: AFA2F7E964280B36DB0D714B86256F54
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: B01AA1DCDF2798E17AE0F5667B80471F
        Revocation Date: Nov  1 11:33:52 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:33:52 2011 GMT
    Serial Number: B153C14A9B31CC287019E78A149FEB97
        Revocation Date: Sep 13 07:37:22 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Sep 13 07:37:22 2011 GMT
    Serial Number: B2205D8CBDDFE49D7C5F0F95D506718F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: B2F57BD01BAAF7AF01EF442910CEBBA0
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: B355E909FD55C5E9EF1A6E67E9C18203
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: B3B64F1925F759A2E145190333D1D6D2
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: B4F9299F05A327E60543C4CDE3277FC0
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: B5D7A148CA6C1F9693A2C16ACDD66226
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: B795E7FE1120A3553ABAD4892F0C6E91
        Revocation Date: Oct 20 10:23:22 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Oct 20 10:23:22 2011 GMT
    Serial Number: B85E7BB83667097F15D8A3DEAAA1B198
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: B8FF8AA0AB3553466B1284C48C1B85ED
        Revocation Date: Nov  1 11:25:39 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:25:39 2011 GMT
    Serial Number: B95F62E86194734C9F68D4BF8B200C49
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: BB34F789A9229E8CF0C23919B9DA21DF
        Revocation Date: Oct 20 10:23:23 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Oct 20 10:23:23 2011 GMT
    Serial Number: BC01852405D3F4E22C48600266655026
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: BD7CB0D124DFDE784CD5B9EF288C304E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: BED90D98FA3A1E0A5BD78AD54E55774D
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C00132DA154BDEE361EDEE727226D0F5
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C06C12DBBC7055FE40950803238EC104
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C0766829AA4D2E1A5D97213A4E4A654E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C084DA49C3E25A501B590230DA54BB0A
        Revocation Date: Nov  1 11:23:04 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:04 2011 GMT
    Serial Number: C0F216CA8197AD00F0D98927EAE29E64
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C1366C7246041A3089E1C244C5DC42E7
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C3F9F45F19E334C8303F44288856D843
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C47740B653399532490F7CFC5E8616CE
        Revocation Date: Nov  1 10:29:46 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 10:29:46 2011 GMT
    Serial Number: C6741E3D08C0FFD4617B94E654DD89F1
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C6CFEBD86E69AE312289C6D18596897D
        Revocation Date: Sep  3 09:08:08 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Sep  3 09:08:08 2010 GMT
    Serial Number: C731140FAA7690918BABF17BECB7938D
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C83D16E9CB29DCF35F3B351CB942FE0D
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C880AE4D7927E6A8FA7D456CB03E9763
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C8B2487ADFAF969E34306029AC934406
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: C8C06B0C6B7FE7CA66BCFE617AB6C4E6
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: CAB736FFE7DCB2C47ED2FF88842888E7
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: CBBCB9E06F9FC92C533B2F2A5284BA22
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: CBFE437C9B62805C4353516699E44649
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: CC075F4CFA34A748150BA611F47055D9
        Revocation Date: Nov  1 11:11:54 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:11:54 2011 GMT
    Serial Number: CDBC0441C10DB5ABA43120E63A048425
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: CF5F7B9C6CA3994312FD88669394C323
        Revocation Date: Nov  1 11:27:16 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:27:16 2011 GMT
    Serial Number: CFAF9BE4E5BD0F5A75F628E45E0178C9
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: D0BA58BA609CC1A001F612987A822BEF
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: D1718E9BD91257D2169C81197D508A67
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: D19F691BE086F5E3EFB9B7868D422C84
        Revocation Date: Nov  1 11:23:19 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:19 2011 GMT
    Serial Number: D1FDE3A78C9D2E80C2303CC4E3E92A4C
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: D3E2205C3B899FC99D77FE802985283F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: D50BB77AFE2AC19D32F1A6F64D291415
        Revocation Date: Nov  1 10:29:52 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 10:29:52 2011 GMT
    Serial Number: D59D17DDA83FC660E449E4C9D985E2A4
        Revocation Date: Nov  1 10:59:59 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 10:59:59 2011 GMT
    Serial Number: D5FB69503AD83389679490F837B8619D
        Revocation Date: Jun 17 12:37:26 2010 GMT
        CRL entry extensions:
            Invalidity Date: 
                Jun 17 12:37:26 2010 GMT
    Serial Number: D68DB21F7B82869796D053AA3BC34A94
        Revocation Date: Nov  1 11:27:23 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:27:23 2011 GMT
    Serial Number: D77EC92400AE0D9FA57DEF4DD8CFA4D4
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: D7E19542B47FA3E81C730D074955F6BC
        Revocation Date: Nov  1 11:22:41 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:41 2011 GMT
    Serial Number: DAACF72BC91FB6DA90A804933CB72E23
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DAC51C3D23B163601305AF99DF129689
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DB712D9D36823D44963892EE6588AF28
        Revocation Date: Mar  8 15:43:31 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Mar  8 15:43:31 2011 GMT
    Serial Number: DC1665266A0198728861AC99ED368928
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DCD1072719692871126E4159D80EFDA8
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DD8C315D2CA61870CBCF9D56ED7474E2
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DDAD29B8B1215191E7EB5AAEE0219338
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DE76B17BFB1B6D6D6634C8C104A6E59F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DEB427AC9F1E8A0D0237049C80DF7E7F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DF2AD7F766E2EEFAF0FD1FB5C6883AB4
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: DF3FD6AFBBFBC30C9AD80BF764A102DB
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: E0D078FD4EA88AD769DCA6D0C90BA126
        Revocation Date: Mar 22 13:03:28 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Mar 22 13:03:28 2011 GMT
    Serial Number: E1253D04A17AB8E47F4A5916B9BF9D23
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: E30C9C0AA1F53104303AF53107805127
        Revocation Date: May  6 07:38:49 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                May  6 07:38:49 2011 GMT
    Serial Number: E34C4FC7488C4DFEF0EA475A17AF2C7B
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: E3E120935934CBD77E1DA7F00431F745
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: E4A691D60266784968DF971D6BF473AF
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: E4B2F09505726306314DF05B734FD9D0
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: E4BFCDFB111B8A45F5CDB7D2CDBFEDEA
        Revocation Date: Nov  1 11:29:36 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:29:36 2011 GMT
    Serial Number: E6CF82506D0A646A44FE332DF170D607
        Revocation Date: Nov  1 11:29:46 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:29:46 2011 GMT
    Serial Number: E6D568B879FE71042D0700A8F6C7AC27
        Revocation Date: Nov  1 11:25:39 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:25:39 2011 GMT
    Serial Number: E6F9E095464F64448840A832FB3443DB
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: E73A251D3458CD0434B20CDBE3C58802
        Revocation Date: Nov  1 11:22:53 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:22:53 2011 GMT
    Serial Number: E93B28B47C34B243EBA62E58FE2FF46F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: E9EB8075F7FE3683B431552C2D962CB0
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: EA71F746BD17D1B05450329818572F2E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: EAACDC2F46D4A86F39B035B793F4A94F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: EAE97F465015E49A14F3B23403ACFA11
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: EB72415ECD0B4AACBDEEA3734F4349BF
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: EBBE94FE4B140E8FABD5F84DB6D068EB
        Revocation Date: Oct 20 10:23:22 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Oct 20 10:23:22 2011 GMT
    Serial Number: EBE7561CA573DA5DBB8EFAA250A40FD3
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: ED4C2EBC14B85F46A9A75F159DF8BEB3
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: ED803C6C6B5F6D0C40D5F864BC19B35A
        Revocation Date: Nov  1 11:23:13 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:13 2011 GMT
    Serial Number: EEBE18855322343289191913F6D769EB
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: EF40C852B996531570CC260AF6764D8D
        Revocation Date: Dec  2 14:52:00 2009 GMT
        CRL entry extensions:
            Invalidity Date: 
                Dec  2 14:51:59 2009 GMT
    Serial Number: EFC30A7727C476C7CD00A57FD15724FF
        Revocation Date: Sep 13 07:37:22 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Sep 13 07:37:22 2011 GMT
    Serial Number: EFF0DD4B4927DF64232C5D2FF280C1E4
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: F1EBE73557546DC8B21E0A2DE5E3A33E
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: F346A1E62FED476F472560C6DDE0CADC
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: F5E1888EADDD5B5FF74E47207A5A71EC
        Revocation Date: Nov  1 11:07:00 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:07:00 2011 GMT
    Serial Number: F5E19830C2EBA4508E3B60516805CEF3
        Revocation Date: Nov  1 11:26:15 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:26:15 2011 GMT
    Serial Number: F5FA42A5B421705E4803DA93C4F7E099
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: F658C0D52B3EEF71DDE6C284E7E1B337
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: F7DE638B76C3958AA3413A9785A19900
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: F87DA43A8B60E3F70A119D399C9A4F7F
        Revocation Date: Nov  1 11:30:20 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:30:20 2011 GMT
    Serial Number: F88885670C3D55EBA52096A65310DACA
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: F89F5DE575755A3B4C0DECC6EDA7C804
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: FAB79682C8EAE556F11ECF6DAD7121BA
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: FC9993EA7A4E761B6CB79ABE2BD3CDE1
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: FCC8FFF7065C54DD5C710F313F9C4EDA
        Revocation Date: Nov  1 11:23:02 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:23:02 2011 GMT
    Serial Number: FCCF53CB3D0A71494AF9664690FFCF84
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: FD75F7A29461877B785EDAD00BDDC47C
        Revocation Date: Nov  1 11:30:15 2011 GMT
        CRL entry extensions:
            Invalidity Date: 
                Nov  1 11:30:15 2011 GMT
    Serial Number: FD8FE350325318C893AFE03F9DFC7096
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: FDEB145AAC81B8CD29B8DA018E71456F
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
    Serial Number: FE873B742B230B22AE540E840490A2F4
        Revocation Date: Aug 29 16:31:26 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
            Invalidity Date: 
                Sep 26 12:00:00 2011 GMT
        Issuer: /CN=EBG Web Sunucu Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR
...
    Serial Number: 62EF62C5EFC8553D
        Revocation Date: Feb  9 08:03:35 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
        Issuer: /DC=ch/DC=cern/CN=CERN Trusted Certification Authority
...
    Serial Number: 30B2AE9D000200006E20
        Revocation Date: Sep 16 12:35:06 2010 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
    Serial Number: 15D51BD5000200007131
        Revocation Date: Dec 26 11:35:39 2010 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise

        Issuer: /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Organisatie CA - G2
...
    Serial Number: 013134BF
        Revocation Date: Sep 28 08:39:53 2011 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
        Issuer: /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 L1 CA/CN=TC TrustCenter Class 2 L1 CA XI
...
    Serial Number: 8458000100020F69350AAD20FCD0
        Revocation Date: Feb  2 08:23:01 2010 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise
        Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
...
    Serial Number: 0E3D04DDA1884DC39B7273414A32BEC5
        Revocation Date: Sep 16 13:43:07 2009 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code: 
                CA Compromise

Tags:

2011-10-02 Try and Vet Tshirt Crypto Challenge Hack.lu2011 The Solution

Try and Vet T-Shirt Cryptographic Contest at Hack.lu 2011

The Challenge

What Did You Get During Hack.lu 2011?

From the hack.lu website, you got a text message including a message stream. During the conference, you got a t-shirt.

The horrible "Beer Scrunchie" subverted the hack.lu 2011 conference to hide some cryptographic materials. He especially abused the t-shirt for hack.lu 2011 to transmit under cover activities. We still don't know at which extend "Beer Scrunchie" abused the t-shirt. Everything is possible just like those trojan t-shirts discovered...

U2FsdGVkX19EAnHXVRgs2oajPS0zZ3+w8BlYdQbHMTI7GT9gvdgFkjtTarpNAmbz
ET8PRg72U8pydsLr4IaTt5n7fFz6jxyglU1ozZwjJhKAyPAftqxYvcnud4/cOiEV
2FutxaJYCORWsvQV+hi6j8LMqn5aJd7s2nhQ9BWji/ZjMZx/wXJVdCCmNL9HuWx9
q0KV/8nTaxOOEdGwENZT8rgSSb7qy5mcIlIBfdzqYAzynj8xLxHFmptNQfZaO3X0
MAbvS324WDeB3R5p6CaIDLeH95eN8jrqdXaDhxs1SrlJrq5inssTgsEttFUhHEe8
6unUI3i4sDeVvEcajMmxvKg0qQLqEkc56GXKXVuGYc+owEsgKW8JKk8DrfgbQMPy
mbaaN7h1PKjlXTIfkR9KXOMd0wy/KHEoM6FdWY1jjzB2Q9UODxgug6gNXciVpQB6
fpvlzvFkV8z8BfSMcDCo1GM6526hSYYtRF0RS3PoloSPjfvDCNVX86lMjKsx6etc
Wec6u4EuJVDI52dgSr3kslwlfswez4WM+H2cszKCf0xejql/tQsra6QAcj1JhSqD
C6AvtDV31IzLAhHy5Di4T1ONyk68WNU40BIsrNkb3lYFTtWtQeF5Z4DGwpcM9HKg
CbLIe9oiNONgrY+kn5RfkHgUaI/PbUQgWy/U6BkunbuqTuMXwiTeR3eaRwBnGQGJ
KL+w6duxhoZhCa9nrlr3I2Nx2l+bs9JIzp5h2nYIq6yhqAyQ6jE+lpAQk912FE1O
5AuOLW5bhMldPMVMlYlx6w==

Solution

The message on the website gave already some clues especially that:

If you decode the message encoded in Base64, you'll see that the stream of data in binary is starting in the following way : "Salted__…." That's the behaviour of the OpenSSL? salted encryption scheme prefixing with "Salted__" to announce that the first 8 bytes of the encrypted stream are reserved for the salt. This gives the indication that the message has been probably encrypted with an OpenSSL? tool or library. If you look carefully look at the encryption schemes available in OpenSSL?:

aes-128-cbc    aes-128-ecb    aes-192-cbc    aes-192-ecb    aes-256-cbc    
aes-256-ecb    base64         bf             bf-cbc         bf-cfb         
bf-ecb         bf-ofb         cast           cast-cbc       cast5-cbc      
cast5-cfb      cast5-ecb      cast5-ofb      des            des-cbc        
des-cfb        des-ecb        des-ede        des-ede-cbc    des-ede-cfb    
des-ede-ofb    des-ede3       des-ede3-cbc   des-ede3-cfb   des-ede3-ofb   
des-ofb        des3           desx           rc2            rc2-40-cbc     
rc2-64-cbc     rc2-cbc        rc2-cfb        rc2-ecb        rc2-ofb        
rc4            rc4-40 

There are not so many algorithms written by Bruce Schneier in a default OpenSSL? except Blowfish (bf-*). Usually cryptographer recommends to use the "default" mode and in this case, bf is Blowfish in CBC mode. So this is highly probable…

Where Is The Key?

As you didn't use the t-shirt until now, there is a good guess that the key is hidden somewhere. If you look carefully at the text in the back of the hack.lu 2011 t-shirt, you'll see many typographic errors. The interesting part is to compare the typographic errors from the original text as published by Phrack. Please note the typo in the URL (even if the URL works, doesn't mean that's the correct one ;-).

The original text from Phrack (original.txt)

This is our world now... the world of the electron and the switch, the beauty of the baud.
We make use of a service already existing without paying for what could be dirt-cheap if it
wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call
us criminals. We seek after knowledge... and you call us criminals. We exist without skin
color, without nationality, without religious bias... and you call us criminals. You build
atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe
it's for our own good, yet we're the criminals. Yes, I am a criminal. 
My crime is that of curiosity. My crime is that of judging people by what they say and think, 
not what they look like. My crime is that of outsmarting you, something that you will
never forgive me for. 
I am a hacker, and this is my manifesto. 
You may stop this individual, but you can't stop us all... after all, we're all alike. 


The Conscience of a Hacker, The Mentor, January 8, 1986, 
http://www.phrack.org/issues.html?issue=7&id=3#article 

The text from the hack.lu 2011 t-shirt (modified.txt)

This is our world now... the world of the electron and the swich, the beauty of the baud,
We make use of a service already exeisting without paying for what could be dirt-cheep if it
was'nt run by profofiteering gluttons, and you call us cricriminal. We explore... and you call
us criminals. We seek after knowledge... and you call us criminals. We exist without skin
colo, without nationlity, without rrligious bias... and you call us crimnals. You build
atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe
it's for our own good, yet we're the criminals. yes, I am a criminal.
My crime is that of curiosity. my crime is that of judginfg people by what thy say and think,
not what they look like. my crime is that of outmarting you, something that you will
never forgive me for.
I am a hacker, and this is my manifasto.
you may stop this individul, but you can't stop us all... after all, we're all alike.


The Conscience of a Hacker, The Mentor, January 8, 1986, 
http://www.phrack.org/issues.html?issue=7$id=3#article 

So you can build a key from the differences but how? That's the most difficult part (as there are many different way to do it). As there is no natural way to generate a key, I decided to go for a long key that can be read easily from the original text. To build back the key from original to modified you can use word diff and use your favorite GNU tools for word diff. We just discarded the punctuation and we didn't care about the case sensitivity.

wdiff -i -3 original.txt modified.txt | egrep -o "(\[-(.*)-\])" | sed -e "s/-//g" | sed -e "s/\[//g" | sed -e "s/\]//" | sed -e "s/\.$//g" | sed -e "s/,//g" 
| sed ':a;N;$!ba;s/\n//g'

The key to decrypt the message generated from the above wdiff is the following:

switchbaudexistingdirtcheapwasn'tprofiteeringcriminalscolornationalityreligiouscriminalsjudgingtheyoutsmartingmanifestoindividualhttp://www.phrack.org/issues.html?issue=7&id=3#article

and to decrypt the message, you'll need to use OpenSSL? in the following way used the guessed parameters:

openssl enc -d -a -bf -in encrypted.txt -out decrypted.txt 

and the original decrypted message is:

I'm Beer Scrunchie and I'm the author or co-author of various block ciphers, pseudo-random number generators and stream ciphers.

In 2012, there will be two major events: the proclamation of a winner for the NIST hash function competition and probably the hack.lu 2012 infosec conference
.

I hope that my Skein hash function will be the winner.

If you are reading this text and be the first to submit to tvtc@hack.lu, you just won a hack.lu ticket for next year. If I'm winning the NIST competition wit
h my hashing function,
you'll get a second free ticket...

Bruce

I got one correct answer 5 days after the conference showing that the difficulty to get back the key was bound to the uncertainty of the key generation. Next year, it's possible that we make a multi-stage t-shirt challenge for hack.lu 2012… from something more easy to something very difficult.

Tags:

2011-09-04 Information Security Is Not a Matter of Compliance

A Radio On a Piano

Information Security Is Not a Matter Of Compliance But a Matter of Some Regular and Boring Activities

Making conclusions from experience is not always a scientific approach but a blog is a place where to share experience. Today, I would like to share my past experience with information security and especially how much it's difficult to reach some security with the specific compliance detour proposed by the industry or even the society.

Compliance is a Different Objective Than Information Security

Many compliance mechanisms exist in the information security to ensure on paper the security of a service, a company, a process. I won't list all of them but you might know PCI-DSS, TS 101 456, ISO/IEC 27001 and so on… Very often the core target of a company is to get the final validating document at the end of the auditing process.

Of course, many of those validation processes are requiring many strong security requirements on the procedural aspect of the information security management within the company. This is usually a great opportunity for the information security department to increase somehow their budget or their attraction. Everything is nice. But usually when the paper work is finished, the company got their golden certificate and the investment in information security is just put aside.

But concrete information security is composed of many little dirty jobs that no one wants really do. Usually in the compliance documents those tasks are underestimated (e.g. a check-box at the end of a long list) or even not mentioned (e.g. discarded during the risk assessment because they seem insignificant). Those tasks are usually a core part of information security. Not only for protecting but also to detect misuse earlier.

I summarized the tasks in three large groups (it's not an exhaustive view) but show some of the core jobs to be performed in the context of protecting information systems:

Reading and Analyzing Never Ending Log Files

The log analysis is usually the main trigger to find a compromised system. When Clifford Stoll found that the system was compromised at LBL, it was due to a specific 75 cents accounting issue. Like the recent security breach at kernel.org discovered by an error in the log from a non-installed software (Xnest) or a pop up of an invalid certificate, that's how infection or compromised infrastructure get discovered.

But to discover those discrepancies, you need someone at the end. The answer, here, is not a machine to read your logs (I already hear the SIEM vendors claiming this can be automatized). It's a human having some knowledge (with some doubts) to pick something unusual that can lead to the detection of something serious.

The log analysis is a tedious work that needs curious and competent people. It's something difficult to describe in a compliance document. The analysis job can be boring and not really rewarded. That's why sometime you see the idea of "outsourcing" log analysis but can an outsourced analysis detect an accounting issue because he knows that some user is not working during that time shift?

IMHO, it's sometime better to invest into people and promote the act of regular logs analysis than pursue into an additional security certification without the real security activities associated.

Reducing the Attack Surface

The less software you have the better it is for its security. It sounds very obvious but that's a core concept. We pile more and more features in each software used. I never saw a control in a security standard or certification that recommends to have a policy to reduce software or remove old legacy systems. If you carefully look at "Systems Development Life Cycle", this always shows the perfect world without getting rid of old crappy code.

Maintaining the Software and Hardware

Maintaining software and hardware could fall into the category of "reducing the attack surface" but it's another beast, often under estimated in many security compliance processes. A software is like a living organism, you have to care of it. You don't acquire a tiger and put in your garden without taking care of it. Before maintaining, you obviously need to design systems with "flaw-handling in mind" as Marcus J. Ranum said or Wietse Venema or Saltzer and Schroeder in 1975 . In today's world, we are always not going in that direction so you have to maintain the software to keep out the daily security vulnerabilities.

The main issue with a classical information system is the interactions with the other systems and its environment. If you (as a security engineer) recommend to update a software in a specific infrastructure, you always hear the same song "I can't update it", "It will be done with the yearly upgrade" (usually taking 4 years), "Do you know the impact of this update on my software?" (and obviously you didn't write his software), "It's done" (while checking it's still giving the old version number), "It's not connected so we don't need to patch" (looking at the proxy logs you scare yourself by the volume of data exchanged) and … the classical "it's not managed by us" (while reading the product name in the title of the user who answers that).

Yes, upgrading software (and hardware) is a dirty job, you have to bother people, chase them every days. Even in information security, upgrading software is a pain and you usually break stuff.

All those dirty jobs are part of protecting information systems, we have to do them. Security certification is distracting a lot of professionals from those core activities. I know it's arduous to do them and not rewarded, but we have to do those tasks if we want to make the field more difficult for the attackers.

You might ask why a picture with a radio on a piano… both can do the same "music" but are operated in a different way. Just like information security on a system or an paper are done in two different ways.

Tags:

2011-05-22 Ease Your Log Analysis with Ranking

Apocalypse de milieu de terrain / Mittelfeldapokalypse (Tim Ernst)

Ease Your Log Analysis With BGP Ranking and logs-ranking

Raphael Vinot and I worked on a network security ranking project called BGP Ranking to track the malicious activities per Internet Service Provider (referenced with their ASN Autonomous System Number). The project is free software and can be downloaded, forked or updated at GitHub. As BGP Ranking recently reached a beta stage, we have now a nice set of data about the ranking of each Internet service provider in the world. Every day, we are trying to find new ways to use the dataset to improve our life and remove the boring work while doing network forensic.

A very common task when you are doing network forensic is to analyse huge stack of logs files. Sometime, you don't even know where to start as the volume is so important that you end up to look for some random patterns that might be suspicious. I wrote a small software called logs-ranking to prefix each line of a log file (currently only W3c (common/combined) logs files are supported) with the ASN and its BGP Ranking value. logs-ranking uses the whois interface of RIPE RIS to get the origin AS for IP address and the CIRCL BGP Ranking whois interface to get the current ranking.

To use it, you just to stream your log file and specify the log format (apache in this case).

cat ../logs/www.foo.be-access.log|  perl logs-ranking.pl -f apache >www.foo.be-access.log-ranked

and you'll get an output like this with the origin ASN and the ranking (a float value) prefixing the existing log line:

AS15169,1.00273578519859,74.125.... 
AS46664,1.00599888392857,173.242...

So now, you'll be able to sort your logs by the most suspicious entries at first (at least from the most suspicious Internet service provider):

sort -r -g -t"," -k2 www.foo.be-access.log-ranked

So this can be used to discriminate infected clients from Proxy logs that tries to reach bulletproof hoster where the malware C&C is hosted. Or infected machine on Internet trying to infect your latest web-based software… the ranking can be used for other purposes, it's just a matter of imagination.

Tags:

2011-03-06 Why The Philosophical Works Should Be Free

A close look at a Welsh onion flower

Roberto Di Cosmo recently published a work called "Manifeste pour une Création Artistique Libre", the work is not really a manifesto in the traditional sense but more a work about the potential licensing scheme at the Internet age. My blog entry is not about the content of the work itself but more about the non-free license used by the author. On the linuxfr.org website many people (including myself) made comments about how strange is to publish a work about free works while the manifesto itself is not free (licensed under the restrictive CC-BY-NC-ND). The author replies to the questions explaining his rationals to choose the non-free license with an additional "non printing" clause to the CC-BY-NC-ND.

I have a profound respect to Roberto's works regarding the promotion and support to the free software community but I clearly disagree with the facts stating philosophical works must not have any derivative and cannot be a free work. I also know that Richard Stallman disallows derivative work on his various works. If you carefully check the history of philosophical works, there are a lot of essays from various philosophers having some revision due to external contributions (e.g. Ivan Illich has multiple works evolving over time due to interaction or discussions with people). It's true that the practice was not very common to publish about the evolution of the works. But that was mainly due to the slowness of the publishing mechanisms and not by the works themselves.

The main argument used to avoid freeing the works is usually the integrity of the author's work. A lot of works have been modified over time to reflect the current use of the language or make a translation to another language. Does this affect the integrity of the author's work? I don't think so. Especially for any free works (including free software) attribution is required in any case. So by default, the author (and the reader) would see the original attribution and the modification over time (recently improved in the free software community by the extensive use of distributed version control system like git).

Maybe it's now the time to reconsider that free software is going far beyond the simple act of creating software but also touching any act of thinking or creation.

Tags:

2011-03-05 Monitoring Memory of Suspicious Processes

Monitoring The Memory of Suspicious Processes

If you are operating many GNU/Linux boxes, it's not uncommon to have issues with some processes leaking memory. It's often the case for long-running processes handling large amount of data and usually using small chunk of memory segment while not freeing them back to the operating system. If you played with the Python "gc.garbage" or abused the Perl Scalar::Util::weaken function but to reach that stage, you need to know which processes ate the memory.

Usually looking for processes eating the memory, you need to have a look at the running process using ps, sar, top, htop… For a first look without installing any additional software, you can use ps with its sorting functionality:

%ps -eawwo size,pid,user,command --sort -size | head -20
 SIZE   PID USER     COMMAND
224348 32265 www-data /usr/sbin/apache2 -k start
224340 32264 www-data /usr/sbin/apache2 -k start
162444  944 syslog   rsyslogd -c4
106000 2229 datas     redis-server /etc/redis/redis.conf
56724 31034 datap    perl ../../pdns/parse.pl
32660  3378 adulau   perl pdns-web.pl daemon --reload
27040  4400 adulau   SCREEN
20296 20052 unbound  /usr/sbin/unbound
...

It's nice to have a sorted list by size but usually the common questions are:

  • Is that normal?
  • What's the evolution over time?
  • Does the value increased or reduced over time?
  • Which memory usage is evolving badly?

My first guess was to get the values above in a file, add a timestamp in front and make a simple awk script to display the evolution and graph it. But before jumping into it, I checked in Munin if there is a default plugin to do that per process. But there is no default plugin… I found one called multimemory that basically doing that per process. To configure it, you just need to add it as plugin with the processes you want to monitor.

[multimemory]
env.os linux 
env.names apache2 perl unbound rsyslogd

If you want to test the plugin, you can use:

%munin-run multimemory
perl.value 104148992
unbound.value 19943424
rsyslogd.value 162444
apache2.value 550055

You can connect to your Munin web page and you'll see the evolution for each monitored process name. After that's just a matter of digging into "valgrind --leak-check=full" or use your favorite profiling tool for Perl, Ruby or Python.

Monitoring Memory of Suspicious Processes

Tags:

2011-01-01 Often I m wrong but not always

A shaky night

Often I'm Wrong But Not Always...

Prediction is very difficult, especially if it's about the future. Niels Bohr

Usually at the beginning of the year, you see all those predictions about the future technology or social comportment in front of those technologies. In the information security field, you see plenty of security companies telling you that there will be much more attacks or those attacks will be diversified targeting your next mobile phone or your next-generation toaster connected to Facebook. Of course! More malware or security issues will pop up especially if you increase the number of devices in the wild, their number of wild users and especially those wild users waiting to get money fast. So I'll leave up to the security companies waiting to make press release about their marketing predictions.

As we are at the beginning of a new numerical year, I was cleaning up a bit my notes in an old Emacs folder (from 1994 until 2001). I discovered some interesting notes and some drawings and I want to share a specific one with you.

In my various notes, I discovered an old recurring interest for Wiki-like technologies at that time. Some notes are making references to some Usenet articles (difficult to find back) and some references to c2.com articles how a wiki is well (un)organized. Some notes were unreadable due to the lack of the context for that period 2. There is even a mention to the use of a Wiki-like in the enterprise or building a collaborative Wiki website for technical FAQ. There are some more technical notes about the implementation of the software to have a wiki-like FAQ website including a kind of organization by vote. I let you find the today's website doing that…

Suddenly, in the notes, there is a kind of brainstorm discussion about the subject. The notes include some discussion from myself and from other colleagues. And there is an interesting statement about Wiki-like technology from a colleague : it's not because you like the technology that other people will use it or embrace it. That's an interesting point but the argument was used to avoid doing something or invest some times in Wiki-like approach. Yes, this is right but the question is more on how you are making stuff and how people would use it. My notes on that topic ended up with the brainstorm discussion. A kind of choke to me…

What's the catch? Not doing or building something to test it out. You can talk eternally about an idea if it is good or bad. But the only way to know if this is a good or bad idea is to build the idea. I was already thinking like that but I forgot that it happened to me… Taking notes is good especially when you learned that you should pursue and transform your ideas in a reality even with the surrounding criticisms.

My conclusion to those old random notes would be something like this:

If you see something interesting and you get a strong conviction that could succeed in one way or another, do or try something with it. (please note the emphasis on the do)

Looks like, I'll keep again this advise for the next years…

More...

Footnotes:

1. Could this be used to fingerprint the software used at each CA infrastructure?

2. note to myself: better explain context when describing something or an idea to implement