
RE: Discussion of notareqs document



> > The TAS could be configured to retrieve the CRLs shortly before and
> > immediately after the expiration of each signer's certificate (to
> > capture revocation events during the entire life of the
> > certificate).
> 
> I am discussing mostly time critical services. I do not know
> what you mean exactly here, since the lifetime of a
> certificate can span over 5 years and such an archival
> procedure is just not feasible. The TAS must provide a response in
> a very short time (I imagine 24 hours is the maximum for time
> critical services).

I meant that collecting the CRL at the end of the certificate lifetime is a
good indication of revocation at any point in time.  Since the focus is
long-term verification, this information may be useful.  It is an extreme
way to deal with synchronization issues across multiple CAs.  Given the
repeated reference to legislation and lack of technical mechanisms, this
seems to be a significant component of lta policy.
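
The procedure discussed in this message, as an added example that is not part of the original post: it computes CRL retrieval times bracketing a certificate's expiry and classifies a signing time against the CRL archived at that point. The names, the one-hour margin, the plain-dict stand-in for a parsed CRL, and the use of the listed revocation date as the cut-off are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class CapturedCRL:
    """Constructed stand-in for a parsed CRL (no real CRL is decoded here)."""
    this_update: datetime   # when the CA issued this CRL
    revoked: dict           # certificate serial -> revocation date


def crl_fetch_times(not_after, margin=timedelta(hours=1)):
    """Retrieval times bracketing certificate expiry; the margin is an assumption."""
    return (not_after - margin, not_after + margin)


def signature_status(serial, signed_at, not_before, not_after, crl):
    """Classify a signing time against a CRL archived at the end of the lifetime."""
    if not (not_before <= signed_at <= not_after):
        return "outside-validity"
    revoked_at = crl.revoked.get(serial)
    if revoked_at is not None:
        # Assumption: the listed revocation date is the cut-off for acceptance.
        return "valid-before-revocation" if signed_at < revoked_at else "revoked"
    if signed_at > crl.this_update:
        # The CRL was issued before the signature, so it cannot vouch for it.
        return "undetermined"
    return "valid"


if __name__ == "__main__":
    utc = timezone.utc
    nb, na = datetime(2000, 1, 1, tzinfo=utc), datetime(2005, 1, 1, tzinfo=utc)
    # Constructed sample: CRL captured at the "shortly before expiry" fetch.
    crl = CapturedCRL(datetime(2004, 12, 31, 23, 30, tzinfo=utc),
                      {0x1A2B: datetime(2003, 6, 15, tzinfo=utc)})
    print(crl_fetch_times(na))
    for serial, when in [(0x1A2B, datetime(2002, 3, 1, tzinfo=utc)),
                         (0x1A2B, datetime(2004, 1, 1, tzinfo=utc)),
                         (0x77, datetime(2004, 12, 31, 23, 45, tzinfo=utc))]:
        print(hex(serial), when.isoformat(), signature_status(serial, when, nb, na, crl))
```

The "undetermined" result is why a second retrieval immediately after expiry matters: a CRL issued before the certificate's last moments says nothing about signatures made after that CRL's issue time.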