RE: status of the nation...

I'll argue for keeping this general to support the types of cases
described below.  We should be able to return valid, and the interval
during which it should remain valid. Return invalid with an indication
of what interval in the past it was valid or what time in the future it
might become valid.  
 
This also raises the issue of expressing open intervals.  Seems
reasonable these are captured by only supplying a NotBefore or NotAfter
datetime.  Should be documented.
 
Blair 

	-----Original Message-----
	From: Mike Just [mailto:Mike.Just@entrust.com] 
	Sent: Wednesday, March 06, 2002 6:45 AM
	To: 'Hallam-Baker, Phillip'; 'reagle@w3.org'; 'stephen.farrell@baltimore.ie'; www-xkms@w3.org
	Subject: RE: status of the nation...
	
	

	Actually, the end date for the invalidity period may not have to
	do with revocation or suspension. For example, suppose that I'm issued a
	certificate on Sunday that does not become valid until Monday. If, on
	Sunday, someone wants to validate my certificate, I assume that the
	response could say that it is invalid....until Monday.  The client could
	simply treat as invalid, or could be designed to come back at a later
	time (though I can't imagine designing software to do this).  In any
	case, the end date for the validity period would make sense.

	Alternatively, one might say that the validation response could
	include a validity interval with a start date of Monday. However, this
	wouldn't be a "valid" response since as of the current time, the
	certificate would not be considered valid.

	Mike 

	-----Original Message----- 
	From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com] 
	Sent: Tuesday, March 05, 2002 1:48 PM 
	To: 'reagle@w3.org'; Hallam-Baker, Phillip; 
	'stephen.farrell@baltimore.ie'; www-xkms@w3.org 
	Subject: RE: status of the nation... 



	The only case in which it could arise is if the backing PKI is
	X.509 and the certificate enquired about is in suspend status.

	Under X.509v3 rules the certificate is Invalid from the date
	specified in the CRL to the date of the next CRL.

	When the next CRL is issued the cert might be reinstated or
	might still be suspended.

	                Phill 



	Phillip Hallam-Baker FBCS C.Eng. 
	Principal Scientist 
	VeriSign Inc. 
	pbaker@verisign.com 
	781 245 6996 x227 


	> -----Original Message----- 
	> From: Joseph Reagle [mailto:reagle@w3.org] 
	> Sent: Tuesday, March 05, 2002 1:42 PM 
	> To: Hallam-Baker, Phillip; 'stephen.farrell@baltimore.ie'; 
	> www-xkms@w3.org 
	> Subject: Re: status of the nation... 
	> 
	> 
	> On Tuesday 05 March 2002 13:02, Hallam-Baker, Phillip wrote: 
	> > In most cases then a responder sending back invalid would
	> > be expected to send back a start date with no end date. But
	> > it is possible that a responder would need to send back
	> > invalid with a validity interval closed at both ends.
	>
	> Why would that be? What does it mean if it is closed for the
	> time afterwards? (Regardless, the answer should be documented.)
	> 
	> -- 
	> 
	> Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
	> W3C Policy Analyst                mailto:reagle@w3.org
	> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
	> W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
	> 

Received on Wednesday, 6 March 2002 18:21:40 UTC
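
The three cases raised in this thread (not yet valid, suspended until the next CRL, and open intervals expressed by omitting NotBefore or NotAfter), worked through as an added example that is not part of the original messages or of the XKMS specification. It assumes the returned interval is the period over which the returned status holds; the names validate, Interval, Response, suspended_from and next_crl are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Interval:
    not_before: Optional[datetime] = None  # None: open at the start
    not_after: Optional[datetime] = None   # None: open at the end

@dataclass(frozen=True)
class Response:
    status: str         # "Valid" or "Invalid"
    interval: Interval  # assumption: the period over which `status` holds

def validate(now, cert_not_before, cert_not_after,
             suspended_from=None, next_crl=None):
    """Return the status at `now` and the interval over which it holds.

    suspended_from / next_crl are hypothetical inputs taken from the
    current CRL when the certificate is listed there as suspended.
    """
    if now < cert_not_before:
        # Not yet valid: invalid until the start date, open at the start.
        return Response("Invalid", Interval(None, cert_not_before))
    if now > cert_not_after:
        # Expired: invalid from the expiry date on, open at the end.
        return Response("Invalid", Interval(cert_not_after, None))
    if suspended_from is not None and now >= suspended_from:
        if next_crl is not None and now >= next_crl:
            # Fail closed: a stale CRL says nothing about the status now.
            raise ValueError("CRL is stale; fetch the next CRL")
        # Suspended: invalid from the CRL date to the next CRL (closed at
        # both ends); after that the cert may be reinstated or not.
        return Response("Invalid", Interval(suspended_from, next_crl))
    return Response("Valid", Interval(cert_not_before, cert_not_after))

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample: certificate issued on a Sunday, valid from Monday.
SUNDAY, MONDAY, EXPIRY = utc(2002, 3, 3), utc(2002, 3, 4), utc(2003, 3, 4)

if __name__ == "__main__":
    print(validate(SUNDAY, MONDAY, EXPIRY))
```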