[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Validity periods can be handled more explicitly



One thing I don't understand in the explanation of X.509 validity periods.
If the certificate only asserts that the binding(s) were valid at the
moment the cert was signed, what does a certificate revocation mean?

Is it (A) that the bindings are no longer believed to have been valid at
the moment the cert was signed, or is it (B) that the bindings actually
were valid beyond that moment, but they're not valid anymore now that
the revocation has occured?  (Or (C) something else?)

Thanks,
Hal Finney