RE: Discussion of notareqs document
>
> >
> > Aleksej,
> >
> > The archive package should contain the CRL used to verify the transaction.
> > That coupled with other times will show when the transaction was received
> > and processed.
> >
> > When speed is not of the essence, the relying party can always wait for a CRL
> > issued after the transaction was received to verify. This will ensure that
> > the certificate was not revoked in the interim. The relying party can use the
> > later CRL for archiving the transaction.
IMO it doesn't give additional value to wait for a new CRL without
doing anything in the meantime. If the user is not confronted with the
*impact/effect* of the signatures in question in some way, a user may not
even think about the possibility of revoking a cert. (I am talking about a
signature made at a distance.)
Then there are also consumer rights with delays. The fact that a signature
has been validated with this or that CRL probably doesn't influence at all
the rights, even if the signature is proven valid, 100% safe or whatever.
(Well, the latter was the dream of the banks and merchants.)
The user does not have to revoke a cert, he can 'revoke/repudiate' the action
or document.