- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Wed, 02 Apr 2008 17:38:04 +0100
- To: W3 Work Group <public-wsc-wg@w3.org>

We didn't get to it on today's call, and I'll forget before the next one, but I don't like the following sentence:

"If certificate status checks are performed by a user agent, and a certificate is found to be outside its validity period, then the certificate MUST be considered revoked."

Revocation and validity periods aren't the same and I don't see any reason to mix them up like this. For example, depending on how a UA handled "considered revoked" the above could mean that a cert that isn't yet valid will continue to be treated as revoked even after the clock catches up with the notBefore field. That'd be bad and non-compliant with X.509/RFC 3280.

Plus, I really liked the relaxed validation which seems to have disappeared (maybe at the last f2f?), and would be ruled out by that sentence.

My suggestion: re-instate relaxed validation and delete the above sentence.

S.

Received on Wednesday, 2 April 2008 16:38:37 UTC
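
An added illustration of the concern raised in the message above (not part of the original e-mail or of the draft under discussion): a checker that keeps the time-dependent validity-period check separate from the revocation list, next to one that records out-of-period certificates as revoked. The `Cert` model, both checker classes and the dates are constructed for this example, and the conflating checker is only one assumed reading of how a user agent might handle "considered revoked".

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum

class Status(Enum):
    VALID = "valid"
    NOT_YET_VALID = "not yet valid"
    EXPIRED = "expired"
    REVOKED = "revoked"

@dataclass(frozen=True)
class Cert:  # hypothetical minimal model, not an X.509 parser
    serial: int
    not_before: datetime
    not_after: datetime

def period_status(cert, now):
    """Validity period is a function of the clock (bounds inclusive)."""
    if now < cert.not_before:
        return Status.NOT_YET_VALID
    if now > cert.not_after:
        return Status.EXPIRED
    return Status.VALID

@dataclass
class SeparateChecker:
    revoked: set = field(default_factory=set)  # fed only by CRL/OCSP data
    def check(self, cert, now):
        if cert.serial in self.revoked:
            return Status.REVOKED
        return period_status(cert, now)  # re-evaluated on every check

@dataclass
class ConflatingChecker:
    revoked: set = field(default_factory=set)
    def check(self, cert, now):
        # Assumed reading of the disputed sentence: remember the cert as revoked.
        if period_status(cert, now) is not Status.VALID:
            self.revoked.add(cert.serial)
        return Status.REVOKED if cert.serial in self.revoked else Status.VALID

def demo():
    utc = timezone.utc
    cert = Cert(1, datetime(2008, 4, 3, tzinfo=utc), datetime(2009, 4, 3, tzinfo=utc))
    early = datetime(2008, 4, 2, tzinfo=utc)  # before notBefore
    later = datetime(2008, 4, 4, tzinfo=utc)  # clock has caught up
    sep, con = SeparateChecker(), ConflatingChecker()
    return [(c.check(cert, early), c.check(cert, later)) for c in (sep, con)]

if __name__ == "__main__":
    for first, second in demo():
        print(first.value, "->", second.value)
```
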