[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Part1 last call comments

To: ietf-pkix@xxxxxxx
Subject: Re: Part1 last call comments
From: David Kemp <dpkemp@xxxxxxxxxxxxxx>
Date: Tue, 27 Feb 2001 11:09:38 -0500 (EST)
Reply-to: David Kemp <dpkemp@xxxxxxxxxxxxxx>

> From: Jean-Marc Desperrier <jean-marc.desperrier@xxxxxxxxxxxx>
> 
> This is not the date _at_ which the next revocation list will be issued, but
> _by_which the CRL is garanteed to have been issued.
> 
> This garantee covers the case where there's a problem and the
> issuance/propagation of the CRL is slightly delayed.


nextUpdate is the date _at_ which the next _scheduled_ CRL will be issued,
as opposed to unscheduled CRLs issued in response to, e.g., reported
key compromises.

X.509 says _by_ which in order not to preclude the issuance of
unscheduled CRLs.

I'm not going to quibble about whether a few wallclock minutes +/-
disqualifies a CRL from being issued "_at_" a specific time;  the
property of interest is that for a scheduled CRL, the "thisUpdate"
field exactly equals the "nextUpdate" field of the previous CRL in
the series.

Prev by Date: Re: Compile ASN.1 modules for CMP/CRMF
Next by Date: Re: Registering a Certificate Policy OID
Previous by thread: RE: Part1 last call comments
Next by thread: RE: Part1 last call comments
Index(es):
- Date
- Thread