Re: Revocation time


        I'm flexible about this, depending on what the community wants.
        It would complicate CRL processing, becuase some entries might
        be pending and thus would require that one make subsequent
        passes or be able to mark cache entries with future revocation
        times.

I think we should follow X.509.  If a certificate is on the CRL then it is
revoked.  If it is not on the CRL, then it is not revoked.   This approach is
simple, and I prefer simple.  Until we have fielded X.500 drectories, the
distribution of CRLs will be complicated enough...

Russ

<Prev in Thread]	Current Thread	[Next in Thread>
Revocation time, Steve Dusse Re: Revocation time, Steve Kent Re: Revocation time, James M Galvin Re: Revocation time, Russ_Housley . McLean_CSD <= Re: Revocation time, vcerf Re: Revocation time, Charles W. Gardiner Re: Revocation time, Steve Kent Re: Revocation time, John Lowry

Previous by Date:	Re: Revocation time, James M Galvin
Next by Date:	Re: Revocation time, vcerf
Previous by Thread:	Re: Revocation time, James M Galvin
Next by Thread:	Re: Revocation time, vcerf
Indexes:	[Date] [Thread] [Top] [All Lists]