[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fwd: Revocation, etc...]
Carl Ellison wrote:
> The issuer needs to ask himself, "During what interval of time am I
> willing to let the verifier believe this certificate after I know it to be
> false?" The answer to that question should give the validity period of
> either the cert or an on-line revalidation. If the answer is exactly 0,
> then the issuer must demand one-time revalidations.
Surely it is up to the relying party to decide when to do revalidations?
Of course, they should take the advice of the issuer :-)
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: firstname.lastname@example.org |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
WE'RE RECRUITING! http://www.aldigital.co.uk/