[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fwd: Revocation, etc...]
Ben and Carl,
First of all thank you for your reply and comments.
Ben Laurie wrote:
> ...
> Surely it is up to the relying party to decide when to do revalidations?
> Of course, they should take the advice of the issuer :-)
>
I agree.
>
> Following the idea of Proposition 1 the acceptor can (should) set
> the duration of the "unconditionally good" phase according to his needs.
>
Maybe I forgot to tell you that the original message was about security
in the field of e-commerce, so when I wrote:
> - About your proposal of introducing a new date in the certificate.
>
> In a practical situation, don't you think that in many cases the issuer
> won't be able to give a "good-until" date? or, will that date be really
> useful? If the "good-until" is very close to the "not-before" date the
> situation will be the same as it was without this added date.
>
and
> It introduces a security risk because once a certificate is issued
> there is an interval of time that will allow a malicious user to
> act freely whithout worriying about being discovered. In a digital
> environment where the time scale is very small several minutes are
> enough time to do a lot of transactions and therefore the mentioned
> risk is not small.
I was thinking about an e-commerce scenario.
Best Regards,
Antonio.
~~~~~
( o o )
+------------------o000-----U------000o------------------+
! _ , !
! Antonio Mana Gomez eMail: amg@lcc.uma.es !
! http://www.lcc.uma.es/~amg !
+--------------------------------------------------------+
! Departamento de Lenguajes y Ciencias de la Computacion !
! E.T.S.I.Informatica. Desp. 1.2.B.19 !
! Campus de Teatinos. !
! 29071 MALAGA (SPAIN) !
+--------------------------------------------------------+
! Phone: (+34) 5 213 27 54 Fax: (+34) 5 213 13 97 !
+--------------------------------------------------------+
! PGP KEY TYPE: !
! DSS 2048 !
! KEY FINGERPRINT: !
! B4B3 ED6D 553F 7C99 9042 2AE0 C5A3 F47E 0180 2ACB !
! KEY SERVER: !
! Cert'eM at http://www.socrates.crypto.lcc.uma.es !
+--------------------------------------------------------+
References: