Steve,
Well, the X.509 spec for CRLs says that they represent
certificates which HAVE been revoked, not ones which will be revoked
at some future time. One might quibble over the wording, but I think
the intent was clear. I admit that hot listing an employee entry
based on an agreed-to termination date (for example) is convenient.
I'm flexible about this, depending on what the community
wants. It would complicate CRL processing, because some entries might
be pending and thus would require that one make subsequent passes or
be able to mark cache entries with future revocation times.
What do other folks think?
Steve
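
An added illustration, not part of the original message: a sketch of the second option mentioned above, a cache that records each entry's revocation time and evaluates it at lookup, next to the strict "listed means revoked" reading. The class and function names, serial numbers and dates are all constructed for this example.

```python
from datetime import datetime, timezone

# Constructed sample CRL: serial number -> revocation time (UTC).
# Serial 0x2A carries a time later than the CRL's issue time,
# i.e. it is a "pending" entry in the sense discussed above.
THIS_UPDATE = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE_CRL = {
    0x11: datetime(2024, 2, 10, tzinfo=timezone.utc),
    0x2A: datetime(2024, 3, 15, tzinfo=timezone.utc),
}


class CrlCache:
    """Hypothetical cache that keeps each entry's revocation time."""

    def __init__(self, this_update, entries):
        self.this_update = this_update
        self.entries = dict(entries)

    def pending(self):
        """Serials whose revocation time is after the CRL's issue time."""
        return sorted(s for s, t in self.entries.items() if t > self.this_update)

    def status(self, serial, at):
        """Decide at lookup time, so no later pass over the CRL is needed."""
        when = self.entries.get(serial)
        if when is None:
            return "good"
        return "revoked" if at >= when else "pending"


def naive_status(entries, serial):
    """Strict reading: presence on the CRL means already revoked."""
    return "revoked" if serial in entries else "good"


if __name__ == "__main__":
    cache = CrlCache(THIS_UPDATE, SAMPLE_CRL)
    for day in (10, 15):
        at = datetime(2024, 3, day, tzinfo=timezone.utc)
        print(at.date(), hex(0x2A), cache.status(0x2A, at))
    print("strict reading:", naive_status(SAMPLE_CRL, 0x2A))
```

A relying party that only stores a set of revoked serials would reject 0x2A as soon as the CRL is loaded; the time-aware cache needs the verifier's clock to be trustworthy for the "pending" answer to mean anything.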