On Sun, Aug 5, 2012 at 9:58 PM, Mountie Lee <mountie@paygate.net> wrote: > Hi. > for determining key expiration, > are CRL or OCSP in scope of low level api? > > regards > mountie. No. CRL and OCSP represent high-level protocols, and are only relevant in the context of a specific certificate. For example, a given key may have multiple certificates associated with it (crypto-ISSUE-15). As such, it's possible to imagine a scenario where one of the certificates has been revoked by the issuer, while another has it still valid. This is similar to the issue I note with overlapping validity dates. With the low-level API, however, it's certainly possible to integrate a CRL or OCSP checker, if there is a particular certificate to be checked. The low-level API provides sufficient primitives that, combined with XMLHttpRequest, an application could generate an OCSP request, or parse a CRL or OCSP response. Regards, RyanReceived on Monday, 6 August 2012 05:12:43 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:01:25 UTC