- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Tue, 5 Mar 2002 10:02:48 -0800
- To: "'stephen.farrell@baltimore.ie'" <stephen.farrell@baltimore.ie>, www-xkms@w3.org
- Message-ID: <2F3EC696EAEED311BB2D009027C3F4F4058699B8@vhqpostal.verisign.com>
It is important that there be the ability to give a start time for an Invalid response. The only circumstances in which the end time for an invalid response would be relevant for current PKIs is if someone was silly enough to use the Suspend function of CRLs, or if the status is queried for a date in the past before the notBefore date of a cert in which case the start date would be empty. In most cases then a responder sending back invalid would be expected to send back a start date with no end date. But it is possible that a responder would need to send back invalid with a validity interval closed at both ends. Phill Phillip Hallam-Baker FBCS C.Eng. Principal Scientist VeriSign Inc. pbaker@verisign.com 781 245 6996 x227 > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > Sent: Tuesday, March 05, 2002 12:48 PM > To: www-xkms@w3.org > Subject: status of the nation... > > > > Joseph stated: > > If a Status of Invalid is returned with a ValdityInterval I would > > presume that means that the assertion that is known to be invalid > > only as long as the specified interval. After the interval, one > > might query again. > > I need to think about this, since the answer may depend on the > semantics of a key management scheme "behind" xkms (e.g. x.509). > Others? > > Stephen. > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com >
Attachments
- application/octet-stream attachment: Phillip_Hallam-Baker__E-mail_.vcf
Received on Tuesday, 5 March 2002 13:02:02 UTC