From owner-spki@c2.net Mon Sep 28 08:28:42 1998
Received: from blacklodge.c2.net (blacklodge.c2.net [208.139.36.35])
	by lox.sandelman.ottawa.on.ca (8.8.7/8.8.8) with ESMTP id IAA08054;
	Mon, 28 Sep 1998 08:28:40 -0400 (EDT)
Received: (from majordom@localhost)
	by blacklodge.c2.net (8.8.8/8.7.3) id EAA14829 for spki-outgoing;
	Mon, 28 Sep 1998 04:35:55 -0700 (PDT)
Message-ID: <360F80BA.7566CFF6@lcc.uma.es>
Date: Mon, 28 Sep 1998 13:27:38 +0100
From: Antonio Mana Gomez
Reply-To: amg@lcc.uma.es
Organization: Universidad de Malaga (SPAIN)
X-Mailer: Mozilla 4.02 [en] (Win95; I)
MIME-Version: 1.0
To: Ben Laurie , Carl Ellison , spki@c2.net
Subject: [Fwd: Revocation, etc...]
References: <3.0.3.32.19980907034008.031048f8@spiritone.com> <35F46501.6E36E936@algroup.co.uk> <360761E6.B729F102@lcc.uma.es>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-spki@c2.net
Precedence: bulk

Ben and Carl,

First of all thank you for your reply and comments.

Ben Laurie wrote:
> ...
> Surely it is up to the relying party to decide when to do revalidations?
> Of course, they should take the advice of the issuer :-)
>

I agree.

>
> Following the idea of Proposition 1 the acceptor can (should) set
> the duration of the "unconditionally good" phase according to his needs.
>

Maybe I forgot to tell you that the original message was about security
in the field of e-commerce, so when I wrote:

> - About your proposal of introducing a new date in the certificate.
>
> In a practical situation, don't you think that in many cases the issuer
> won't be able to give a "good-until" date? or, will that date be really
> useful? If the "good-until" is very close to the "not-before" date the
> situation will be the same as it was without this added date.
>

and

> It introduces a security risk because once a certificate is issued
> there is an interval of time that will allow a malicious user to
> act freely without worrying about being discovered. In a digital
> environment where the time scale is very small several minutes are
> enough time to do a lot of transactions and therefore the mentioned
> risk is not small.

I was thinking about an e-commerce scenario.

Best Regards,
Antonio.

                          ~~~~~
                         ( o o )
+------------------o000-----U------000o------------------+
!           _   ,                                        !
! Antonio Mana Gomez         eMail: amg@lcc.uma.es       !
!                            http://www.lcc.uma.es/~amg  !
+--------------------------------------------------------+
! Departamento de Lenguajes y Ciencias de la Computacion !
! E.T.S.I.Informatica. Desp. 1.2.B.19                    !
! Campus de Teatinos.                                    !
! 29071 MALAGA (SPAIN)                                   !
+--------------------------------------------------------+
! Phone: (+34) 5 213 27 54      Fax: (+34) 5 213 13 97   !
+--------------------------------------------------------+
! PGP KEY TYPE:                                          !
! DSS 2048                                               !
! KEY FINGERPRINT:                                       !
! B4B3 ED6D 553F 7C99 9042 2AE0 C5A3 F47E 0180 2ACB      !
! KEY SERVER:                                            !
! Cert'eM at http://www.socrates.crypto.lcc.uma.es       !
+--------------------------------------------------------+