From gvb Tue Jun 15 18:20:03 PDT 1993 remote from minerva.com
To: pem-dev(_at_)tis(_dot_)com
Reply-To: gvb(_at_)minerva(_dot_)com
From: bozo (Greg Bailey)
Subject: Re: CRL's redux
Date: Tue, 15 Jun 93 18:20:03 PDT
X-Mailer: Mail-it Version 1.11B5
Received: from minerva.com by med3.minerva.com ; Tue, 15 Jun 1993 18:29 PDT
Content-Type: text
Content-Length: 1413
Steve,
It seems selfevident that all the time delay Sead mentions
means is that we are living in the real world. As long as undetected
compromise of private parts is physically possible, by definition any
positive validation is only provisional pending possible future discovery
of the compromise, unless one has achieved absolute verification using
some out of band method. Not so?
However the provisional nature of the positive validation
hardly diminishes the usefulness of the negative, and the meaning of
plateaus such as positive validation of after-signing CRL's. How one
looks at it makes all the difference.
Just out of curiosity, if one is interested in catching the
after-signing CRL's as soon as possible in the normal case, can the
time at which this will be accomplished be predicted with any reliability
in context of the current design and conventions, in your opinion? Is
there actually any guarantee of currency for CRL's fetched through one's
CA, for example, as opposed to signed CRL's picked up through any other
means? Since time matters for reaching some of these plateaus, it might
be worthwhile to identify those events whose times are actually speci-
fied in any operationally useful terms.
Greg Bailey | ATHENA Programming, Inc | 503-621-3215 |
--------------- | 24680 NW Dixie Mtn Road | fax 621-3954 |
gvb(_at_)minerva(_dot_)com | Hillsboro, OR 97124 US |