Steve,
A question about CRLs from the RFC 1114 successor, section 3.4.3.5.2
of the June 1991 draft...

    For example, the time and date
    specified might indicate when a private component was thought to have
    been compromised or it may reflect when the report of such compromise
    was reported to the CA. For uniformity, this RFC adopts the latter
    convention, i.e., the revocation date specifies the time and date at
    which a CA formally acknowledges a report of a compromise or a change
    or DN attributes.

Can an issuer add a "pending" revocation to a revocation list? In
other words, if an issuer knows that Alice will be terminated on Feb.
15, can the issuer add Alice to the CRL published on Feb. 1 with a
revocation date for Alice of Feb. 15? This seems like a reasonable
thing to do. We may, however, need to make explicit that simply
appearing on a CRL may not constitute revocation; perhaps the date of
revocation should be checked also.

Any thoughts?

Steve
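
An added illustration, not part of the original message or of the RFC draft: the Feb. 1 CRL from the question, evaluated under the two rules the message contrasts (listed means revoked, versus listed and revocation date reached). The `Crl` model, the function names, the year 1992, the serial numbers and the second entry are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

@dataclass(frozen=True)
class Crl:
    issued: datetime   # when the issuer published this list
    entries: dict      # certificate serial number -> revocation date

def status(crl, serial, at, check_date):
    """Verdict for `serial` at time `at`.

    check_date=False: any listed certificate is treated as revoked.
    check_date=True:  a listed certificate is revoked only once its
                      revocation date has been reached.
    """
    if at < crl.issued:
        raise ValueError("CRL was not yet issued at the evaluation time")
    revoked_on = crl.entries.get(serial)
    if revoked_on is None:
        return "good"
    if check_date and at < revoked_on:
        return "pending"
    return "revoked"

def disagreement_window(crl, serial):
    """Half-open interval [start, end) where the two rules differ, or None."""
    revoked_on = crl.entries.get(serial)
    if revoked_on is None or revoked_on <= crl.issued:
        return None
    return (crl.issued, revoked_on)

# Constructed sample data: the year and the serial numbers are assumed.
ALICE, BOB = 1001, 1002
FEB1_CRL = Crl(issued=utc(1992, 2, 1),
               entries={ALICE: utc(1992, 2, 15),   # the "pending" entry
                        BOB: utc(1992, 1, 20)})    # an ordinary past entry

if __name__ == "__main__":
    for day in (10, 15, 20):
        at = utc(1992, 2, day)
        print(at.date(),
              "presence-only:", status(FEB1_CRL, ALICE, at, False),
              "| date-checked:", status(FEB1_CRL, ALICE, at, True))
    print("window:", disagreement_window(FEB1_CRL, ALICE))
```

Between the CRL's issue date and the entry's revocation date, a verifier that only checks presence and one that also checks the date reach different verdicts for the same certificate.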