[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

validity period intersections

In the interests of keeping things simple, I propose we *not* permit
<online-test>* .

It is not strictly needed.  Each online test yields a not-after datime when 
it is executed.  Those dates can be combined in the normal way to yield a 
(not-after)-limited certificate result which can then be made into a 
certificate with no online tests (or at most one).

 - Carl


At 12:31 PM 4/1/97 -0500, Carl Ellison wrote:
>At 11:10 AM 4/1/97 -0500, Marc Branchaud wrote:
>>Permitting <online-test>* opens up the can of worms of how to combine the
>>tests.  Taking the interesection means that they would always be ANDed,
>>but is that flexible enough?
>
>I believe it is.  Each online test response carries its own validity 
>interval (a simple one, in terms of not-after datime or lifetime (duration 
>from the time of the request, to be added to the caller's clock to get 
>not-after datime)).  All of these not-after datimes are intersected with any 
>from the certificate itself.
>
>I've just added notes about that to my copy of the draft.
>
> - Carl
>
>
>+------------------------------------------------------------------+
>|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
>|CyberCash, Inc.                      http://www.cybercash.com/    |
>|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
>|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
>+------------------------------------------------------------------+
>
>
>

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+