
Re: Validity periods can be handled more explicitly



> From: Hal Finney <hal@rain.org>
> 
> One thing I don't understand in the explanation of X.509 validity periods.
> If the certificate only asserts that the binding(s) were valid at the
> moment the cert was signed, what does a certificate revocation mean?
> 
> Is it (A) that the bindings are no longer believed to have been valid at
> the moment the cert was signed, or is it (B) that the bindings actually
> were valid beyond that moment, but they're not valid anymore now that
> the revocation has occurred?  (Or (C) something else?)


Bob's explanation seemed eloquent, but perhaps not short, enough :-).
Revocation cannot in general mean (A), because revocations cannot be
backdated.

The "invalidity date" in an X.509 CRL entry is an advisory indication
of, for example, the point at which a user believes his key was
compromised.  But allowing both 1) invalidity dates arbitrarily
far in the past, and 2) invalidity dates unconditionally revoking the
binding, would result in certification semantics useless for commerce.

Generally speaking, (B) is correct.  Revoking a certificate cannot be
used to repudiate a non-repudiable transaction.  But an invalidity date
in a CRL entry can be useful as a warning flag when processing
requested but not-yet-committed transactions.
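
The distinction drawn in the message above, sketched as a relying-party check. This is an added example, not part of the original message; the `Decision` values, the `evaluate` policy and the sample dates are assumptions made for illustration, and the signing time is assumed to come from a trustworthy source.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional


class Decision(Enum):
    ACCEPT = "accept"
    HOLD = "hold for review"
    REJECT = "reject"


@dataclass(frozen=True)
class CrlEntry:
    revocation_date: datetime            # when the CA listed the certificate
    invalidity_date: Optional[datetime]  # advisory: suspected compromise time


def evaluate(signed_at: datetime, committed: bool,
             entry: Optional[CrlEntry]) -> Decision:
    """Hypothetical policy for one signed transaction (assumption: signed_at
    is trustworthy, e.g. taken from a trusted timestamp)."""
    if entry is None:
        return Decision.ACCEPT
    if signed_at >= entry.revocation_date:
        return Decision.REJECT   # signed after the revocation took effect
    # Signed before revocation: the revocation is not backdated (reading B).
    if committed:
        return Decision.ACCEPT   # revocation cannot repudiate a done deal
    if entry.invalidity_date is not None and signed_at >= entry.invalidity_date:
        return Decision.HOLD     # advisory date acts only as a warning flag
    return Decision.ACCEPT


def utc_day(day: int) -> datetime:
    return datetime(2024, 3, day, tzinfo=timezone.utc)


# Constructed sample: compromise suspected on the 10th, revoked on the 15th.
SAMPLE_ENTRY = CrlEntry(revocation_date=utc_day(15), invalidity_date=utc_day(10))

if __name__ == "__main__":
    for day, committed in [(5, False), (12, True), (12, False), (20, False)]:
        print(day, committed, evaluate(utc_day(day), committed, SAMPLE_ENTRY).value)
```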
