
RE: Discussion of notareqs document



Quoting Carl Wallace <cwallace@xxxxxxxxxxxx>:

>
> > > The TAS could be configured to retrieve the CRLs shortly before and
> > > immediately after the expiration of each signer's certificate (to
> > > capture revocation events during the entire life of the certificate).
> >
> > I am discussing mostly time critical services. I do not know
> > what you mean exactly here, since the lifetime of a
> > certificate can span for over 5 years and such archival
> > procedure is just not feasible. TAS must provide response in
> > a very short time (I imagine 24 hours is maximum for time
> > critical services).
>
> I meant that collecting the CRL at the end of the certificate lifetime is a
> good indication of revocation at any point in time.  Since the focus is
> long-term verification, this information may be useful.  It is an extreme
> way to deal with synchronization issues across multiple CAs.  Given the
> repeated reference to legislation and lack of technical mechanisms, this
> seems to be a significant component of lta policy.

OK, understand and agree on that. But the "premium" service is still a problem.
Some (business) scenarios are built around short lifetimes of documents (e.g.
tax declaration, valid for one year). This approach fails. I think we should
expose the problem in some of the documents and at least provide conceptual
approaches (or limitations) to solve them.