From owner-spki@c2.net Mon Sep 7 19:20:20 1998 Received: from blacklodge.c2.net (blacklodge.c2.net [208.139.36.35]) by lox.sandelman.ottawa.on.ca (8.8.7/8.8.8) with ESMTP id TAA06829; Mon, 7 Sep 1998 19:20:19 -0400 (EDT) Received: (from majordom@localhost) by blacklodge.c2.net (8.8.8/8.7.3) id PAA11238 for spki-outgoing; Mon, 7 Sep 1998 15:58:37 -0700 (PDT) Message-ID: <35F46501.6E36E936@algroup.co.uk> Date: Mon, 07 Sep 1998 23:58:09 +0100 From: Ben Laurie Organization: A.L. Group plc X-Mailer: Mozilla 4.06 [en] (WinNT; I) MIME-Version: 1.0 To: Carl Ellison CC: amg@lcc.uma.es, spki@c2.net Subject: Re: [Fwd: Revocation, etc...] References: <3.0.3.32.19980907034008.031048f8@spiritone.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-spki@c2.net Precedence: bulk Carl Ellison wrote: > The issuer needs to ask himself, "During what interval of time am I > willing to let the verifier believe this certificate after I know it to be > false?" The answer to that question should give the validity period of > either the cert or an on-line revalidation. If the answer is exactly 0, > then the issuer must demand one-time revalidations. Surely it is up to the relying party to decide when to do revalidations? Of course, they should take the advice of the issuer :-) Cheers, Ben. -- Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/ and Technical Director|Email: ben@algroup.co.uk | A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/ London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/ WE'RE RECRUITING! http://www.aldigital.co.uk/