I agree that the USER should have the control as to when
a certificate should be considered stale. I was trying to
be politically correct in my terminology, and obscured the
issue.
Since my RFCs are buried about 6" deep somewhere on
my desk (AKA Jurassic Park), perhaps you can confirm
whether or not we need to do anything to the RFCs
to at least permit the implementation of my recommendations.
I am presently assuming that we can handle them all with PCA
policy agreements.
BTW - can anyone remember where the one month
period for CRL issuance ever arose? Is it specifically
mentioned or codified anywhere, or was it just a
common assumption?
It would be useful to know whether other CAs and/or
PCAs would agree with the 1 week nominal, 2 week
maximum interval between CRLs, at least for commercial
PCAs. (I wouldn't expect it of a Persona CA or PCA, and
maybe not for students. I WOULD expect it to apply to
general unaffiliated (residential) users, however.
Bob