- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Fri, 04 Apr 2008 15:41:08 +0100
- To: 'W3 Work Group' <public-wsc-wg@w3.org>
Thomas Roessler wrote: > On 2008-04-04 15:29:00 +0100, Stephen Farrell wrote: > >> - If an RP is doing relaxed path validation, then it can ignore >> the current time when considering notBefore and notAfter fields. >> >> I'd be open to allowing non-overlapping validity periods in cert >> paths when doing relaxed path validation, but there's probably no >> point if the underlying crypto APIs already insist on some overlap. >> (Which I think is the case, can't recall really.) > > The additional question here is whether relaxed path validation > should be permissible for any validated certificate, or maybe > prohibited for augmented assurance? Relaxed path validation should be prohibited for AACs. I can't think of a sensible augmentation (of the authentication) that would be true for all time. S.
Received on Friday, 4 April 2008 14:41:39 UTC