W3C home > Mailing lists > Public > www-xkms@w3.org > June 2002

Re: Validation of signatures?

From: <stef.hoeben@utimaco.be>
Date: Fri, 28 Jun 2002 15:26:31 +0200
To: "Ed Simon" <edsimon@xmlsec.com>
Cc: www-xkms@w3.org
Message-ID: <OFA40755D3.AE7FEEBF-ONC1256BE6.004899E1@utimaco.be>


>> Could you tell me is it ("checking if a cert is valid some
>> > time ago"-ed.) is possible to do the above using
>> the current XKMS 'Validate) service(s)?
>
>Yes, I would say it is.  You can use the Validate service for the
>certificate in question and the Validate service can choose to return a
>status code of Invalid with a <ValidityInterval> element indicating the
>certificate has already expired and when that happened.

OK, I see, thanks!

But in order to check the validity of an entire cert chain
some time in the past, the same procedure should be repeated
for each cert in the chain, isn't it? (As opposed to e.g. adding
an optional "ValidationTime" in the Validate request, this
would allow cert chain validation with 1 single request).

(I got the idea from PKIX drafts such as CVP, SCVP and RFC3029).

If these things shouldn't be discussed on this list, pls. let me know.

Stef
Received on Friday, 28 June 2002 09:31:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:16 GMT