[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Revocation, etc...]

Carl Ellison wrote:
>         The issuer needs to ask himself, "During what interval of time am I
> willing to let the verifier believe this certificate after I know it to be
> false?"  The answer to that question should give the validity period of
> either the cert or an on-line revalidation.  If the answer is exactly 0,
> then the issuer must demand one-time revalidations.

Surely it is up to the relying party to decide when to do revalidations?
Of course, they should take the advice of the issuer :-)



Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/