- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Wed, 2 Apr 2008 12:51:26 -0400
- To: "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>, "'W3 Work Group'" <public-wsc-wg@w3.org>
I agree, in the case presented the certificate has expired. It hasn't been revoked.

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Stephen Farrell
Sent: Wednesday, April 02, 2008 12:38 PM
To: W3 Work Group
Subject: Odd/bad sentence in 5.4.1

We didn't get to it on today's call, and I'll forget before the next one, but I don't like the following sentence:

"If certificate status checks are performed by a user agent, and a certificate is found to be outside its validity period, then the certificate MUST be considered revoked."

Revocation and validity periods aren't the same and I don't see any reason to mix them up like this. For example, depending on how a UA handled "considered revoked" the above could mean that a cert that isn't yet valid will continue to be treated as revoked even after the clock catches up with the notBefore field. That'd be bad and non-compliant with x.509/rfc3280.

Plus, I really liked the relaxed validation which seems to have disappeared (maybe at the last f2f?), and would be ruled out by that sentence.

My suggestion: re-instate relaxed validation and delete the above sentence.

S.
Received on Wednesday, 2 April 2008 16:52:08 UTC
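
An added illustration of the distinction discussed in this thread, not part of the original messages or of the draft text: it contrasts a check that evaluates validity period and revocation independently with a user agent that records an out-of-period certificate as revoked. The `ConflatingAgent` class, the sample certificate, the dates, and the choice to store the serial in a local revoked set are all assumptions made for the example.

```python
from datetime import datetime, timezone
from enum import Enum


class Status(Enum):
    VALID = "valid"
    NOT_YET_VALID = "not yet valid"
    EXPIRED = "expired"
    REVOKED = "revoked"


# Constructed sample certificate: only the fields this check needs.
CERT = {
    "serial": 0x1001,
    "not_before": datetime(2008, 4, 10, tzinfo=timezone.utc),
    "not_after": datetime(2009, 4, 10, tzinfo=timezone.utc),
}


def check_separate(cert, now, revoked_serials):
    """Evaluate revocation and validity period independently on every check."""
    if cert["serial"] in revoked_serials:
        return Status.REVOKED
    if now < cert["not_before"]:
        return Status.NOT_YET_VALID
    if now > cert["not_after"]:
        return Status.EXPIRED
    return Status.VALID


class ConflatingAgent:
    """Hypothetical UA that handles 'considered revoked' by remembering the serial."""

    def __init__(self):
        self.revoked = set()

    def check(self, cert, now):
        # Out-of-period certificates are recorded as revoked, and revocation is sticky.
        if not (cert["not_before"] <= now <= cert["not_after"]):
            self.revoked.add(cert["serial"])
        return check_separate(cert, now, self.revoked)


def demo():
    early = datetime(2008, 4, 2, tzinfo=timezone.utc)   # before notBefore
    later = datetime(2008, 4, 11, tzinfo=timezone.utc)  # clock has caught up
    ua = ConflatingAgent()
    return [check_separate(CERT, early, set()), check_separate(CERT, later, set()),
            ua.check(CERT, early), ua.check(CERT, later)]
```

With the separate check the certificate becomes valid once the clock passes notBefore; the conflating agent still reports it as revoked.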