RE: status of the nation...

The only case in which it could arise is if the backing PKI is X.509 and the
certificate enquired about is in suspend status.

Under X.509v3 rules the certificate is Invalid from the date specified in
the CRL to the date of the next CRL.

When the next CRL is issued the cert might be reinstated or might still be
suspended.

		Phill



Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Joseph Reagle [mailto:reagle@w3.org]
> Sent: Tuesday, March 05, 2002 1:42 PM
> To: Hallam-Baker, Phillip; 'stephen.farrell@baltimore.ie';
> www-xkms@w3.org
> Subject: Re: status of the nation...
> 
> 
> On Tuesday 05 March 2002 13:02, Hallam-Baker, Phillip wrote:
> > In most cases then a responder sending back invalid would 
> be expected to
> > send back a start date with no end date. But it is possible that a
> > responder would need to send back invalid with a validity 
> interval closed
> > at both ends.
> 
> Why would that be? What does it mean if it is closed for the time 
> afterwards? (Regardless, the answer should be documented.)
> 
> -- 
> 
> Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
> W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
> 

Received on Tuesday, 5 March 2002 14:50:59 UTC