
RE: German Law and OCSP



> It seems that there is a lot of confusion regarding some terms 
> in the German Law.  
Agreed ;)

[snip]

> I think the confusion springs from legal terms. In the above-
> mentioned example the technical term of *valid* for a certificate 
> would be the moment of the signing with the signing key. 
Technically, a certificate is valid from the date and time contained in the
ASN.1 element "notBefore" in the "Validity" sequence of the X.509 structure.
This may or may not be the time of signing by the CA.  Indeed, it may be
delayed with respect to the time of signing to cope with the scenario you
describe in your later mail.  This is the same as the process known as "Thro
dating" used by credit card companies to protect against the risks you
mention.

> The legal term assumes the publishing of the certificate.
>
> Another misunderstanding seems to be the role of the CRL in German Law. 
> Antonio Lioy wrote (28.01.2000) "... the only legally binding way
> to prove that a cert was not valid at a certain date is to provide
> a CRL (or a CSL!!!) that includes it." The German Law requires
> only the *checkability* of the status of a certificate for anybody 
> to any time (§4 SigG). 
This is §5(1) in my (English) copy dated 1 August 1997.  Is there a later
version?  More importantly, it was explained to me that the German model
needed to know if a certificate was valid at the time that the corresponding
signature key was originally used and not at the time the request for
validation is performed.  This is because one might be checking a legal
document that is tens of years old.  Is that what you mean by "to any time"?

> The interoperability schemes (SigI A5) propose OCSP. 
As I understand it, OCSP is designed to tell you status now, not status at
some previous date.  If so, is this another issue with German Law and OCSP?

> The status *suspension* isn't allowed according to the German Law, 
> in comparison with Italian law, which requires a CRL (Art. 29 par. 3)
> and the possibility of suspension (Art. 33).
Do you have a reasonable English translation of the Italian law - or a link
to a translation?
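Added illustration, not part of this mail or of the thread it replies to: a small pure-Python encoder/decoder for the X.509 "Validity" SEQUENCE (notBefore/notAfter as DER UTCTime or GeneralizedTime, per the RFC 5280 rules), plus a hypothetical helper status_at() that evaluates the status of a certificate at an arbitrary instant, optionally taking a CRL-style revocationDate. The sample dates (a CA signing at one instant, a post-dated notBefore, a document signed later, a later revocation, and a "now" after that) are constructed for the example; they show why "status at the time the signature key was used" and "status now" can give different answers.

```python
# Added example (not code from the mailing-list post). Encode/decode an
# X.509 Validity SEQUENCE and evaluate certificate status at a given instant.
from datetime import datetime, timezone

SEQUENCE, UTCTIME, GENERALIZEDTIME = 0x30, 0x17, 0x18


def _len(n):
    """DER length encoding (short form below 128, long form otherwise)."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _encode_time(t):
    """RFC 5280 4.1.2.5: UTCTime (YYMMDDHHMMSSZ) for 1950..2049,
    GeneralizedTime (YYYYMMDDHHMMSSZ) for any other year."""
    if 1950 <= t.year <= 2049:
        return bytes([UTCTIME]) + _len(13) + t.strftime("%y%m%d%H%M%SZ").encode()
    return bytes([GENERALIZEDTIME]) + _len(15) + t.strftime("%Y%m%d%H%M%SZ").encode()


def encode_validity(not_before, not_after):
    body = _encode_time(not_before) + _encode_time(not_after)
    return bytes([SEQUENCE]) + _len(len(body)) + body


def _read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def _decode_time(tag, value):
    s = value.decode("ascii")
    if tag == UTCTIME:
        # Two-digit year: 50..99 -> 19xx, 00..49 -> 20xx (RFC 5280 4.1.2.5.1)
        yy = int(s[:2])
        s = f"{1900 + yy if yy >= 50 else 2000 + yy}{s[2:]}"
    elif tag != GENERALIZEDTIME:
        raise ValueError("unexpected tag in Validity")
    if not s.endswith("Z"):
        raise ValueError("DER certificate times must be expressed in UTC (Z)")
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def decode_validity(der):
    tag, body, end = _read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("not a Validity SEQUENCE")
    t1, v1, p = _read_tlv(body, 0)
    t2, v2, p = _read_tlv(body, p)
    if p != len(body):
        raise ValueError("trailing data inside Validity")
    return _decode_time(t1, v1), _decode_time(t2, v2)


def status_at(validity, at, revoked_at=None):
    """Hypothetical helper: certificate status at instant `at`, given its
    Validity and an optional revocationDate such as a CRL entry carries."""
    not_before, not_after = validity
    if at < not_before:
        return "not-yet-valid"
    if at > not_after:
        return "expired"
    if revoked_at is not None and at >= revoked_at:
        return "revoked"
    return "good"


def utc(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


def demo():
    """Constructed scenario: the CA signs the certificate before its
    post-dated notBefore; a document is signed later while the certificate
    is good; the certificate is revoked afterwards; 'now' is later still."""
    ca_signed = utc("2000-01-28 10:00")
    validity = (utc("2000-01-29 00:00"), utc("2050-01-28 23:59"))  # 2050 -> GeneralizedTime
    der = encode_validity(*validity)
    assert decode_validity(der) == validity  # round trip through DER
    doc_signed = utc("2000-06-01 12:00")
    revoked = utc("2001-06-01 00:00")
    now = utc("2001-07-01 00:00")
    return {
        "der": der.hex(),
        "at_ca_signing": status_at(validity, ca_signed),
        "at_document_signing": status_at(validity, doc_signed, revoked),
        "now": status_at(validity, now, revoked),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the three status_at() calls is the one raised above: an answer for "now" (what an OCSP responder reports) says "revoked", while the question the verifier of an old signed document needs answered is the status at the document's signing instant, which here is "good". Answering that question needs the revocationDate (or a status record with a time reference), not just a current status.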