Hello!
I agree with Stefan, I bet a box of beer that the "validity model" in the German Law won't change.
We accompanied TrustCenter which conform to German Law and we saw that this validity model has an advantage (maybe this is the rationale of the model). Since everyone seems to be unhappy with this validity model, let's mention the advantage to the honour of the good old law.
But please don't flame me, because I'm sure that there are other (better?) possibilities.
The advantage is more or less of legal and/or organizational nature. If the CA signs a certificate, the PSE (e.g. your smart card with your *private* key) has to be delivered in a secure way to the owner.
In technical terms the certificate is almost valid (but not in legal terms). But the PSE hasn't been handed out to the owner yet, with all possibilities of abuse (I know there are ways to handle it in another way). But if you wait until the owner proves that he received the PSE to say the certificate is valid, you avoid this insecure time gap. The validation is manifested by publishing the certificate.
So I hope you see the rationale of this validity model.
Cheers,
Johan
P.S.: I'll wait and see if someone wants to bet. I propose we drink the beer together, let's say at the CeBit 2001.
**************************************
Johan Hesse
secunet
Security Networks AG
Osterbekstraße 90b
22083 Hamburg
Tel : +49 (0)40/696599-12
Fax : +49 (0)40/696599-29
mailto:j.hesse@secunet.de
**************************************