RE: Certificate Expiry (summary)

Henry asked me to at least +1 this if I agreed, so I am :)

> I would argue very simply:
> 
>  - the client sends you a certificate which is a set of claims
>    if those claims contain an assertion that the certificate is 
> expired there is prima facie reason to respect that assertion. 
> 
>  - if that claim is non expired and you fetch the profile which 
>   does state that the key is expired (to be defined) then
>   there is reason to believe that your supporting evidence states
>   that the key is expired and hence that knowledge of the private key
>   does not constitute proof of webid = knower of private key identity.

+1

(This is clear, and implementable without ambiguity -- the validity period is considered to be the intersection of the claim in the certificate and the claim in the profile document)

M.

-- 
Mo McRoberts - Technical Lead - The Space,
0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
Project Office: Room 7083, BBC Television Centre, London W12 7RJ  

http://www.bbc.co.uk/

Received on Monday, 30 January 2012 17:57:16 UTC
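
Added example, not part of the original message or of any WebID implementation: the "intersection of the claim in the certificate and the claim in the profile document" rule as a verifier-side check. How the profile states key expiry is still "to be defined" in the thread, so the `Window` fields used for the profile claim are hypothetical, and the dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple


@dataclass(frozen=True)
class Window:
    """One validity claim; None means that source states no bound on that side."""
    not_before: Optional[datetime] = None
    not_after: Optional[datetime] = None


def intersect(cert: Window, profile: Window) -> Window:
    """Effective validity: the latest start and the earliest end of both claims."""
    starts = [t for t in (cert.not_before, profile.not_before) if t is not None]
    ends = [t for t in (cert.not_after, profile.not_after) if t is not None]
    return Window(max(starts) if starts else None, min(ends) if ends else None)


def check_key(cert: Window, profile: Window, now: datetime) -> Tuple[bool, str]:
    """Decide whether proof of the private key still counts at time `now`.

    All datetimes must be timezone-aware so the comparisons are unambiguous.
    """
    eff = intersect(cert, profile)
    if (eff.not_before is not None and eff.not_after is not None
            and eff.not_before > eff.not_after):
        return False, "claims never overlap"
    if eff.not_before is not None and now < eff.not_before:
        return False, "not yet valid"
    if eff.not_after is not None and now > eff.not_after:
        # Name the source whose claim closed the window, for the audit log.
        source = "certificate" if eff.not_after == cert.not_after else "profile"
        return False, f"expired per {source}"
    return True, "valid"


if __name__ == "__main__":
    UTC = timezone.utc
    # Constructed sample claims: the profile expires the key before the cert does.
    cert = Window(datetime(2012, 1, 1, tzinfo=UTC), datetime(2013, 1, 1, tzinfo=UTC))
    profile = Window(None, datetime(2012, 6, 1, tzinfo=UTC))
    for when in (datetime(2012, 3, 1, tzinfo=UTC), datetime(2012, 7, 1, tzinfo=UTC)):
        print(when.date(), check_key(cert, profile, when))
```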