RE: OCSP and CSL
Hi Mirko,
Most commercial software does not remove expired, revoked
certs from their CRLs, but there have already been requests
for that behavior. Expect to see it in CA products this year.
Regards,
Ambarish
> -----Original Message-----
> From: Mirko Tedaldi [mailto:mirko@coine.it]
> Sent: Wednesday, February 02, 2000 6:36 AM
> To: Ilan Shacham
> Cc: ietf-pkix@imc.org
> Subject: RE: OCSP and CSL
>
>
> At 14.30 02/02/00 +0200, Ilan Shacham wrote:
>
> >Section 3.3 of RFC 2459 clearly states:
> > An entry may be removed from
> > the CRL after appearing on one regularly scheduled CRL issued beyond
> > the revoked certificate's validity period.
> >
> >If you want to validate an "old" signature, all you have to do is
> >retrieve the crl that was in order at the time of the signature, to
> >see if the certificate was valid at the time.
>
> About it, do you know how commercial PKI software works? Do they remove
> expired certificates from CRL?
>
> Mirko Tedaldi.
>
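
The lookup described in the quoted message, as an added example that is not part of the original thread: it simulates a CA that prunes entries as the quoted RFC 2459 section 3.3 text allows, then checks a signature date against the archived CRL in effect at that time. Serial 1001, all dates and the weekly schedule are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Revoked:
    serial: int
    revoked_on: date
    not_after: date  # end of the certificate's validity period

@dataclass(frozen=True)
class CRL:
    this_update: date
    next_update: date
    serials: frozenset

def issue_crls(revocations, start, end, period=timedelta(days=7)):
    """Regularly scheduled CRLs with the pruning RFC 2459 section 3.3 allows:
    an entry is dropped after it has appeared on one CRL issued beyond the
    revoked certificate's validity period."""
    crls, dropped, t = [], set(), start
    while t <= end:
        listed = [r for r in revocations
                  if r.revoked_on <= t and r.serial not in dropped]
        crls.append(CRL(t, t + period, frozenset(r.serial for r in listed)))
        dropped |= {r.serial for r in listed if t > r.not_after}
        t += period
    return crls

def crl_in_effect(archive, when):
    """Return the archived CRL whose thisUpdate/nextUpdate window covers `when`."""
    for crl in archive:
        if crl.this_update <= when < crl.next_update:
            return crl
    raise LookupError(f"no archived CRL covers {when}")

def was_revoked_at(archive, serial, signed_on):
    """Judge an old signature against the CRL in effect when it was made."""
    return serial in crl_in_effect(archive, signed_on).serials

# Constructed sample data: one certificate revoked mid-1999, expiring 1999-12-31.
REVOCATIONS = [Revoked(1001, date(1999, 6, 10), date(1999, 12, 31))]
ARCHIVE = issue_crls(REVOCATIONS, date(1999, 6, 1), date(2000, 2, 2))

if __name__ == "__main__":
    print("on latest CRL:", 1001 in ARCHIVE[-1].serials)
    print("revoked as of 1999-06-20:", was_revoked_at(ARCHIVE, 1001, date(1999, 6, 20)))
```

With this data the latest CRL no longer lists the serial, so only the archived CRL answers correctly for a signature made in 1999.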