RE: status of the nation...

Actually, the end date for the invalidity period may not have to do with
revocation or suspension. For example, suppose that I'm issued a certificate
on Sunday that does not become valid until Monday. If, on Sunday, someone
wants to validate my certificate, I assume that the response could say that
it is invalid... until Monday. The client could simply treat it as invalid, or
could be designed to come back at a later time (though I can't imagine
designing software to do this).  In any case, the end date for the validity
period would make sense.
Alternatively, one might say that the validation response could include a
validity interval with a start date of Monday. However, this wouldn't be a
"valid" response since as of the current time, the certificate would not be
considered valid. 

Mike

-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
Sent: Tuesday, March 05, 2002 1:48 PM
To: 'reagle@w3.org'; Hallam-Baker, Phillip;
'stephen.farrell@baltimore.ie'; www-xkms@w3.org
Subject: RE: status of the nation...



The only case in which it could arise is if the backing PKI is X.509 and the
certificate enquired about is in suspend status.

Under X.509v3 rules the certificate is Invalid from the date specified in
the CRL to the date of the next CRL.

When the next CRL is issued the cert might be reinstated or might still be
suspended.

		Phill



Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Joseph Reagle [mailto:reagle@w3.org]
> Sent: Tuesday, March 05, 2002 1:42 PM
> To: Hallam-Baker, Phillip; 'stephen.farrell@baltimore.ie';
> www-xkms@w3.org
> Subject: Re: status of the nation...
> 
> 
> On Tuesday 05 March 2002 13:02, Hallam-Baker, Phillip wrote:
> > In most cases then a responder sending back invalid would be expected to
> > send back a start date with no end date. But it is possible that a
> > responder would need to send back invalid with a validity interval closed
> > at both ends.
> 
> Why would that be? What does it mean if it is closed for the time 
> afterwards? (Regardless, the answer should be documented.)
> 
> -- 
> 
> Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
> W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
> 

Received on Wednesday, 6 March 2002 09:45:46 UTC
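
The three "Invalid" cases raised in this thread (not yet valid, suspended, and a start date with no end date), modelled as an added example that is not part of the original messages and is not the XKMS schema. CertState, assess and the sample dates are hypothetical names and constructed values; revocation is assumed as the open-ended case.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple

UTC = timezone.utc

@dataclass
class CertState:
    """Hypothetical record of what a responder knows about one certificate."""
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None                  # permanent revocation
    suspended: Optional[Tuple[datetime, datetime]] = None  # (date in CRL, next CRL)

def assess(cert: CertState, now: datetime):
    """Return (status, start, end) for `now`; None marks an open end."""
    if cert.revoked_at is not None and now >= cert.revoked_at:
        return ("Invalid", cert.revoked_at, None)       # start date, no end date
    if cert.suspended and cert.suspended[0] <= now < cert.suspended[1]:
        return ("Invalid", *cert.suspended)             # closed at both ends
    if now < cert.not_before:
        return ("Invalid", None, cert.not_before)       # invalid until notBefore
    if now > cert.not_after:
        return ("Invalid", cert.not_after, None)        # expired
    return ("Valid", cert.not_before, cert.not_after)

# Constructed sample dates: 3 March 2002 was a Sunday, 4 March a Monday.
SUNDAY = datetime(2002, 3, 3, 12, 0, tzinfo=UTC)
MONDAY = datetime(2002, 3, 4, 0, 0, tzinfo=UTC)
EXPIRY = datetime(2003, 3, 4, 0, 0, tzinfo=UTC)
CRL_DATE = datetime(2002, 3, 5, 0, 0, tzinfo=UTC)
NEXT_CRL = datetime(2002, 3, 12, 0, 0, tzinfo=UTC)

CASES = {
    "not yet valid": (CertState(MONDAY, EXPIRY), SUNDAY),
    "suspended": (CertState(MONDAY, EXPIRY, suspended=(CRL_DATE, NEXT_CRL)),
                  datetime(2002, 3, 6, tzinfo=UTC)),
    "revoked": (CertState(MONDAY, EXPIRY, revoked_at=CRL_DATE),
                datetime(2002, 3, 6, tzinfo=UTC)),
}

if __name__ == "__main__":
    for name, (cert, when) in CASES.items():
        print(name, assess(cert, when))
```

Once the next CRL is issued, the suspended tuple has to be refreshed from it, since the certificate may be reinstated or may still be suspended.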