
RE: Issue 33... keybinding discuss...

From: Blair Dillaway <blaird@exchange.microsoft.com>
Date: Wed, 16 Oct 2002 13:43:12 -0700
Message-ID: <0A0B36F65A314D4AB8D2CF1D1FD835F1A237E4@df-muttley.dogfood>
To: <reagle@w3.org>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, "Www-Xkms (E-mail)" <www-xkms@w3.org>

All the client would ever know is what the XKMS service told it.  At
some point the service may respond to a validity request with a
KeyBinding with a status of Valid.  After a subsequent revocation
action, one would expect any future requests to return a KeyBinding with
a status of Invalid.

So, might it be better to say "... cert is revoked by any means then
the KeyBinding status would become Invalid"?  Or, we might generalize
this language to indicate an XKMS service's statements regarding the
validity of a KeyBinding should be consistent with the semantics of any
backend PKI infrastructure it is using to establish trust in the
bindings of keys to attributes.


-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org] 
Sent: Wednesday, October 16, 2002 1:14 PM
To: Hallam-Baker, Phillip; Www-Xkms (E-mail)
Subject: Re: Issue 33... keybinding discuss...

On Wednesday 16 October 2002 02:23 pm, Hallam-Baker, Phillip wrote:
> So if a key binding is reflecting the status of an X.509 cert and the 
> cert is revoked by any means then the key binding is automatically 
> revoked.

How is the stupid XML client supposed to know this? Or is this some 
requirement on a service?
Received on Wednesday, 16 October 2002 16:43:20 UTC
