RE: [saag] X.509 certificate collision, via MD5 collisions

[Stephen Kent <kent@xxxxxxx>]

Title: RE: [saag] X.509 certificate collision, via MD5 collisions

At 8:15 PM -0500 3/4/05, Dave Engberg wrote:

>  
> I think
> Robert was using the formal RFC 2560 definition of
> "good":
> >    The "good"
> > state indicates a positive response to the status inquiry.
> >    At a minimum, this positive response indicates that the
> > certificate
> >    is not revoked, but does not necessarily mean that the
> > certificate
> >    was ever issued or that the time at which the response
> > was produced
> >    is within the certificate's validity interval.
> > [...]
> This is
> slightly different than the intuitive sense of good-ness, and I think
> it matches with your description.  Mr. Myers (et.al) could chime
> in, but I belive this definition was specifically chosen so that a
> responder could operate using only the CRL and not a DB of issued
> certs.  (Pre-signing aside.)
>

If that is the context in which to interpret "good," then no problem.

Steve