- From: Blair Dillaway <blaird@exchange.microsoft.com>
- Date: Wed, 16 Oct 2002 13:43:12 -0700
- To: <reagle@w3.org>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, "Www-Xkms (E-mail)" <www-xkms@w3.org>
All the client would ever know is what the XKMS service told it. At some point the service may respond to a validity request with a KeyBinding with a status of Valid. After a subsequent revocation action, one would expect any future requests to return a KeyBinding with a status of Invalid. So, it might it be better to say "... cert is revoked by any means then the KeyBinding status would become Invalid"? Or, we might generalize this language to indicate an XKMS service statements regarding the validity of a KeyBinding should be consistent with the semantics of any backend PKI infrastructure it is using to establish trust in the bindings of keys to attributes. Blair -----Original Message----- From: Joseph Reagle [mailto:reagle@w3.org] Sent: Wednesday, October 16, 2002 1:14 PM To: Hallam-Baker, Phillip; Www-Xkms (E-mail) Subject: Re: Issue 33... keybinding discuss... On Wednesday 16 October 2002 02:23 pm, Hallam-Baker, Phillip wrote: > So if a key binding is reflecting the status of an X.509 cert and the > cert is revoked by any means then the key binding is automatically > revoked. How is the stupid XML client supposed to know this? Or is this some requirement on a service?
Received on Wednesday, 16 October 2002 16:43:20 UTC