Re: minutes online ... 11 may, 2004 telecon

Hi Tommy,

> An XKMS service MAY indicate a key binding's validity interval using the
> <ValidityInterval> element as defined in 5.1.5 in [1].  This element has
> two attributes of type xsd:dateTime, NotBefore and NotOnOrAfter, both
> of which are optional.
> 
> I imagine the attributes are optional for the purpose of supporting the
> various flavors of PKIs mentioned in the specification.
> 
> The way the text in 5.1.5 is formulated permits an XKMS service to specify
> only one or neither of the boundary attributes even though their counterparts
> exist in the underlying PKI.
> 
> I propose that a relying party ought to be assured to get both attributes
> when they exist in the underlying PKI.

What breaks if we don't do that? Not much I'd guess since the
RP has to be able to handle cases where stuff is missing. So I'd
rather not impose such a new requirement on a responder (or did
you mean something else by "be assured"?)

Stephen.

Received on Wednesday, 19 May 2004 09:38:47 UTC
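
The case raised in the reply above, a relying party handling a `<ValidityInterval>` with one or both bounds missing, as an added example that is not part of the thread or of the XKMS specification. The function names, status strings and sample XML are constructed for illustration, and reading a zone-less dateTime as UTC is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

XKMS_NS = "http://www.w3.org/2002/03/xkms#"
TAG = "{%s}ValidityInterval" % XKMS_NS

def _parse_dt(value):
    """Parse an xsd:dateTime attribute; an absent attribute stays None."""
    if value is None:
        return None
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    # Assumption: a dateTime without a zone is read as UTC.
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def validity_bounds(xml_text):
    """Return (NotBefore, NotOnOrAfter); either may be None."""
    root = ET.fromstring(xml_text)
    elem = root if root.tag == TAG else root.find(".//" + TAG)
    if elem is None:
        return (None, None)
    return (_parse_dt(elem.get("NotBefore")),
            _parse_dt(elem.get("NotOnOrAfter")))

def check_binding(xml_text, now):
    """Classify a binding at time `now` (status names are hypothetical).

    A missing bound is never treated as satisfied-and-complete: the
    result says which side was open so local policy can decide.
    """
    not_before, not_on_or_after = validity_bounds(xml_text)
    if not_before is not None and now < not_before:
        return "not-yet-valid"
    # NotOnOrAfter is exclusive: the binding is invalid at that instant.
    if not_on_or_after is not None and now >= not_on_or_after:
        return "expired"
    if not_before is None and not_on_or_after is None:
        return "in-interval-unbounded"
    if not_before is None or not_on_or_after is None:
        return "in-interval-open-ended"
    return "in-interval"

# Constructed sample fragments (not taken from any real service).
BOTH = ('<ValidityInterval xmlns="%s" NotBefore="2004-01-01T00:00:00Z" '
        'NotOnOrAfter="2005-01-01T00:00:00Z"/>' % XKMS_NS)
ONLY_END = ('<ValidityInterval xmlns="%s" '
            'NotOnOrAfter="2004-05-01T00:00:00Z"/>' % XKMS_NS)
NEITHER = '<ValidityInterval xmlns="%s"/>' % XKMS_NS
```

A relying party that needs both bounds can reject the two open statuses locally, without any new requirement on the responder.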