[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Discussion of notareqs document
Quoting Carl Wallace <cwallace@xxxxxxxxxxxx>:
> > Well that is the general problem. Legislation states that
> > post-festum revocation is not allowed, meaning the time of
> > revocation can not be defined before the time when revocation
> > was requested. It may take some time before next CRL is
> > published, so when this information is published is the main
> > issue. If we consider that time stops at the time of
> > processing, some attestation could be produced. The practice?
> > I am not sure....
>
> CRLs do not provide a means of determining "when revocation was requested"
> vs. the revocation time included in the CRL. That must be enforced by the
> CRL issuer.
Sure, CRL only defines exact time when revocation occurred. If we could rely
that this happens in the line when CRL is issued (the very same moment) the
problem is solved. At least in theory...
> > Also, TAS performs its own validation at time T1 and by that
> > states that signature existed at T1. Post-festum validation
> > should only provide information that nothing really happened
> > before T1....
>
> OK, but a TAS may archive an invalid signature (or evidence of invalidity).
You are absolutely right here and this is another approach, but I guess user of
a "premium" service wants to have attestation of successful archiving ASAP
(next second??), and this is where my questions are targeted to.