[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Need for Start Date

To: spki@c2.org
Subject: Need for Start Date
From: frantz@netcom.com (Bill Frantz)
Date: Thu, 14 Mar 1996 15:02:58 -0800
Sender: owner-spki@c2.org

>The first, I believe, was offered by Carl Ellison.  This "generalized"
>certificate has the following minimal structure:
>
>      Certifying-key:  <KEY_ID>
>      Signed-key:      <KEY_ID>
>      Validity:        <DATE_RANGE>
>      Meaning:         <variable structure>
>      (cert-key signature appended).

>Another target was offered recently by Paul Leach:
>
>      Cert-Name:       <DNS-name>
>      Issuer-Name:     <DNS-name>
>      Key:             <base64>
>      Expires:         <RFC1123-date>
>      Serial:          <RFC822-msgID>
>      Sig:             <base64>

It might be a good idea to add a Start-Date: to both these forms.  This
date could mean either Issued-on: or Valid-from:.  If this field is added,
it would allow automatic override of an old certificate by a newer one.

SET uses a this protocol to revoke a Acquirer Payment Gateway certificate
when it has become compromised.  They issue a new certificate and
physically replace the secret key and the certificate in the gateway.  The
gateway sends the new certificate out whenever it is invoked to perform its
function.  The more recent Issue-date on the new certificate insures that
it replaces the old certificate in merchant and cardholder caches.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA

Prev by Date: Re: CYLINK's Support for Open Public Key Standards
Next by Date: No Subject
Prev by thread: Re: CYLINK's Support for Open Public Key Standards
Next by thread: Re: Need for Start Date
Index(es):
- Main
- Thread