- From: Ryan Sleevi <sleevi@google.com>
- Date: Sun, 5 Aug 2012 22:12:16 -0700
- To: Mountie Lee <mountie@paygate.net>
- Cc: Web Cryptography Working Group <public-webcrypto@w3.org>, David Dahl <ddahl@mozilla.com>, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>

On Sun, Aug 5, 2012 at 9:58 PM, Mountie Lee <mountie@paygate.net> wrote:
> Hi.
> for determining key expiration,
> are CRL or OCSP in scope of low level api?
>
> regards
> mountie.

No. CRL and OCSP represent high-level protocols, and are only relevant in the context of a specific certificate.

For example, a given key may have multiple certificates associated with it (crypto-ISSUE-15). As such, it's possible to imagine a scenario where one of the certificates has been revoked by the issuer, while another has it still valid. This is similar to the issue I note with overlapping validity dates.

With the low-level API, however, it's certainly possible to integrate a CRL or OCSP checker, if there is a particular certificate to be checked. The low-level API provides sufficient primitives that, combined with XMLHttpRequest, an application could generate an OCSP request, or parse a CRL or OCSP response.

Regards,
Ryan

Received on Monday, 6 August 2012 05:12:43 UTC
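
The request-generation step mentioned in the message above, as an added example that is not part of the original message or of the Web Cryptography API: a DER encoder for a minimal unsigned OCSPRequest (RFC 6960). The function names, sample hashes and serial numbers are constructed for illustration; the example assumes the two SHA-1 hashes have already been computed with the API's digest operation over the issuer's DER-encoded name and public key.

```javascript
// Added example: DER-encode a minimal unsigned OCSPRequest (RFC 6960).
// Hash inputs below are constructed sample values, not from a real certificate.

// DER tag-length-value with short- and long-form lengths.
function tlv(tag, content) {
  const len = content.length;
  const lenBytes = [];
  for (let n = len; n > 0; n = Math.floor(n / 256)) lenBytes.unshift(n % 256);
  const head = len < 0x80 ? [tag, len] : [tag, 0x80 | lenBytes.length, ...lenBytes];
  return Uint8Array.from([...head, ...content]);
}

const concat = (...parts) => Uint8Array.from(parts.flatMap((p) => [...p]));

// AlgorithmIdentifier for SHA-1: OID 1.3.14.3.2.26 with NULL parameters.
const SHA1_OID = tlv(0x06, [0x2b, 0x0e, 0x03, 0x02, 0x1a]);
const SHA1_ALG_ID = tlv(0x30, concat(SHA1_OID, tlv(0x05, [])));

// DER INTEGER from unsigned big-endian bytes: strip redundant leading zeros,
// then prepend 0x00 if the top bit is set so the value is not read as negative.
function derInteger(bytes) {
  const b = [...bytes];
  while (b.length > 1 && b[0] === 0) b.shift();
  if (b[0] & 0x80) b.unshift(0);
  return tlv(0x02, b);
}

// CertID names a certificate by issuer (name hash, key hash) and serial number.
// The subject's key appears nowhere in it: status is asked per certificate.
function buildOcspRequest(issuerNameHash, issuerKeyHash, serial) {
  const certId = tlv(0x30, concat(SHA1_ALG_ID, tlv(0x04, issuerNameHash),
                                  tlv(0x04, issuerKeyHash), derInteger(serial)));
  const request = tlv(0x30, certId);          // Request { reqCert }
  const requestList = tlv(0x30, request);     // SEQUENCE OF Request
  const tbsRequest = tlv(0x30, requestList);  // version v1 is DEFAULT, so omitted
  return tlv(0x30, tbsRequest);               // OCSPRequest, no optionalSignature
}

const toHex = (u8) => Array.from(u8, (x) => x.toString(16).padStart(2, "0")).join("");

// Constructed sample: two certificates from one issuer for the same subject key,
// differing only in serial number. Each one needs its own status query.
const nameHash = new Uint8Array(20).fill(0xaa);
const keyHash = new Uint8Array(20).fill(0xbb);
const reqA = buildOcspRequest(nameHash, keyHash, [0x01]);
const reqB = buildOcspRequest(nameHash, keyHash, [0x00, 0x8f, 0x10]);
```

The resulting bytes are what an application would send to the responder as the body of an HTTP POST with content type `application/ocsp-request`.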