Thread-topic: [Fed-Talk] Memory usage spikes when viewing Signed Emails
The ocspd daemon is probably be loading a CRL needed to verify a signature.
It gets the CRL uri from the cert. If the cert is issued by one of the
standard DoD intermediate CA servers, the CRL could be quite large. Also,
the DISA CRL servers are notoriously slow. It might take at least 30
seconds to get the CRL. However, once the CRL is loaded, it will be cached
until it expires.
You can use certtool to look at your CRL cache:
certtool y k=/var/db/crls/crlcache.db
You can use crlrefresh to flush the cache:
As for the GUI spinning, Apple does not have API for validating a cert in a
threaded manner. The app writer must do that themselves.
Thursby Software Systems, Inc.
on 8/28/07 5:29 PM, Alan B Stepakoff at email@hidden wrote:
> OCSP is the process for checking whether an x.509 certificate has
> been revoked or not.
> The system must be loading an OCSP daemon when checking the signature cert.
> Alan Stepakoff
> At 5:57 PM -0400 8/28/07, Mike Jackson wrote:
>> That email from Shawn today with the subject "Re: [Fed-Talk] Mac
>> Ownership & Permissions (UNCLASSIFIED)". Anything from Tim Miller
>> (Sorry Tim.. ;-) ) and a few others. This is with Apple Mail on
>> 10.4.10. Nothing else is special about the system unless you count
>> all the developer stuff from Apple that has been installed.
>> Ok. I did some digging and using those superpowers that Activity
>> Monitor grants me, the culprit seems to be 'ocspd', which when I
>> tried to view a signed email that was on this list a few days ago,
>> the memory spiked to 800MB and locked up the GUI for about 30
>> seconds. Is this normal?
>> Mike Jackson Senior Research Engineer
>> Innovative Management & Technology Services
>> On Aug 28, 2007, at 5:46 PM, Bill Wagner wrote:
>>> That really can't be answered without knowing more information:
>>> 1. How big are the e-mails and/or the data contained in them?
>>> 2. Are the e-mails self signed or are they checked against a public key?
>>> 3. Is this custom software as in that provided in a package developed
>>> for you or is it off the shelf with no modification.
>>> 4. Is this happening on all signed e-mails or just some of them?
>>> 5. Do you know what type of signing algorithms are being used?
>>> If they're simple text e-mails and everything is off the shelf, I
>>> would think you might want to assume this is some type of OS bug.
>>> If the e-mails contain data such as images or reports of any type,
>>> then it means the e-mail and every byte of data in the included
>>> documents or images is likely being hashed through a signing
>>> algorithm to check its validity. This can be pretty memory and CPU
>>> intensive, but I have to admit unless this is being done to
>>> mega-documents or mega-images, eating up 700M sounds pretty
>>> I would need more information to even hazard a guess.
>>> Bill Wagner
>>> inefficient.Mike Jackson wrote:
>>>> Why does my computer (Mac Book Pro, 2GB Ram, 160GB Drive) seem to
>>>> lock up and the memory usage spike ( to about 700MB) every time I
>>>> try to view a signed email? This is getting to the point where I
>>>> am about to put a filter to just delete anything from those
>>>> people I know sign their emails.. just getting frustrating.
>>>> This is with OS X 10.4.10. There is always lots of Ram available
>>>> when this happens as I monitor it with a utility constantly. The
>>>> same thing happens with Safari when I log into the US Air Force
>>>> Web Mail site with my CAC.
>>>> Thanks for any help.
>>>> Mike Jackson
>>>> imikejackson & gmail * com
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Fed-talk mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>> This email sent to email@hidden
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> This email sent to email@hidden
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> This email sent to email@hidden
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden