Re: Validation of signatures?

>> Could you tell me if it ("checking if a cert is valid some
>> time ago"-ed.) is possible to do the above using
>> the current XKMS 'Validate' service(s)?
>
>Yes, I would say it is.  You can use the Validate service for the
>certificate in question and the Validate service can choose to return a
>status code of Invalid with a <ValidityInterval> element indicating the
>certificate has already expired and when that happened.

OK, I see, thanks!

But in order to check the validity of an entire cert chain
some time in the past, the same procedure should be repeated
for each cert in the chain, shouldn't it? (As opposed to e.g. adding
an optional "ValidationTime" in the Validate request, this
would allow cert chain validation with 1 single request).

(I got the idea from PKIX drafts such as CVP, SCVP and RFC3029).

If these things shouldn't be discussed on this list, pls. let me know.

Stef

Received on Friday, 28 June 2002 09:31:59 UTC