
Re: German Law and OCSP



Stefan,

Thanks for your comment. See my comments next.
 
> Denis,
> 
> > > Once such a division is made technically, it was extended to the idea
> > > that a certificate should only be valid once it is inserted in the
> > > information service database.
> >
> > I do not understand. To be "valid" a certificate does not (even)
> > have to be published. It may be given back to the user who may
> > decide to send it to whatever entity he wishes.
> 
> you're certainly right. However, the German Digital Signature Act states:
> [from http://www.iid.de/rahmen/iukdgebt.html#a3]
> 
> § 5: Issue of Certificates
> 
> (1) The certification authority shall reliably establish the identity of persons applying for a
> certificate. It shall confirm the assignment of a public signature key to an identified person
> by a signature key certificate which, together with any attribute certificates, shall be kept
> available for verification and, with the consent of the owner of the signature key, for
> retrieval at all times and for everyone over publicly available telecommunication links.
> 
> The magic statement here is "...shall be kept available for verification...
> at all times...". Therefore, a certificate implicitly is valid once it is
> made available (from the CA's repository) for verification. 

The other magic statement is: "with the consent of the owner of the
signature key". If there is no such consent, then the statement does
not apply, hence there is no publication.

"kept available for verification" does not imply any publication. It
means that the CA must keep a local copy.

Besides the wording, the question was to understand the rationale of
the model. The question is still pending ...

Regards,

Denis


> Like it or
> not (I don't) - that's the way the validity model was chosen to be. E.g., I've
> been issued one of the very few certificates issued according to the law
> but since it has not been published yet it is not valid in the sense
> of the law...
> 
> The law currently is under evaluation and will be revised later this
> year. It's highly unlikely that they're going to change this validity
> model, though.
> 
> Cheers,
> 
>         Stefan.
> 
> ______________________________________________________________________________
> Stefan Kelm            PGP key: "finger kelm@www.pca.dfn.de" or via key server
> DFN-PCA                                                      <kelm@pca.dfn.de>
> Vogt-Koelln-Str. 30                               http://www.pca.dfn.de/~kelm/
> 22527 Hamburg (Germany)                   Tel: +49 40 428 83-2262 / Fax: -2241