On Mar 8, 2005, at 3:29 PM, Jim Fenton wrote:
Yes, it is. Since we lost the context here, we're discussing the idea
of re-checking the revocation indicator when the message is read. The
message may be read well beyond the validity of the signature, which
is the scope of replay. It isn't necessarily a problem keeping the
revocation IDs a long time, but it isn't obvious how long that is.
You are suggesting that a device designed to protect a signed message
from replay is not very good outside the scope of the signed message.
I agree because it wasn't meant to be. If a message is being
authenticated after its signing key is no longer valid, replay is
likely a minor concern among many thornier issues.
-andy