RE: Part1 last call comments
> -----Original Message-----
> From: David Kemp [mailto:dpkemp@xxxxxxxxxxxxxx]
> Sent: Monday, February 26, 2001 1:46 PM
> To: ietf-pkix@xxxxxxx
> Subject: Re: Part1 last call comments
>
>
>
> > From: "Jim Schaad" <jimsch5@xxxxxxxx>
> >
> > 4. Section 3.3 - Minor point, in paragraph 4 - This should be "until all
> > existing CRLs expires" rather than "until the next periodic CRL update". A
> > CRL may be valid for more than one issue period (i.e. issue every 12 hours,
> > expire after 24 hours).
>
>
> Jim,
>
> I disagree with this proposed change. CRLs do not expire, they only
> have a next scheduled update date. As section 3.3 paragraph 3 says,
> "the meaning of 'suitably-recent' may vary with local policy", and
> if one local policy says that CRLs which are issued every 12 hours
> don't expire until 24 hours after issue, fine. A different local
> policy, however, might say that the identical CRL expires 13 hours
> after issue.
>
Dave,
Would the text "until all currently issued CRLs pass their nextUpdate." be
acceptable to you? I merely want to reflect that there may be multiple
valid CRLs in existence, and until all of them have passed their nextUpdate
time a cached CRL can validly be expected to be used.
jim
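
The timing question in this thread, worked through as an added example that is not part of the original messages or of the PKIX draft: it compares "until the next periodic CRL update" with "until all currently issued CRLs pass their nextUpdate", and shows the effect of a local freshness policy. The function names, the constructed 12-hour/24-hour schedule, and the `max_age` policy parameter are assumptions for illustration.

```python
from datetime import datetime, timedelta

def issue_schedule(start, period, validity, count):
    """Constructed CRL schedule as (thisUpdate, nextUpdate) pairs."""
    return [(start + i * period, start + i * period + validity)
            for i in range(count)]

def exposure_bounds(crls, revoked_at, max_age=None):
    """Return (next_issue, last_stale_use) for a revocation at revoked_at.

    next_issue:     thisUpdate of the first CRL issued at or after the
                    revocation (assumed to list the revoked certificate).
    last_stale_use: latest time at which a CRL issued before the revocation
                    is still acceptable to a relying party, i.e. its
                    nextUpdate, optionally capped by a local policy that
                    rejects CRLs older than max_age since thisUpdate.
    """
    stale = [c for c in crls if c[0] < revoked_at]
    fresh = [c for c in crls if c[0] >= revoked_at]
    next_issue = min((t for t, _ in fresh), default=None)

    def usable_until(this_update, next_update):
        if max_age is None:
            return next_update
        return min(next_update, this_update + max_age)

    last_stale_use = max((usable_until(*c) for c in stale), default=None)
    return next_issue, last_stale_use

# Constructed sample: issue every 12 hours, nextUpdate 24 hours after issue.
CRLS = issue_schedule(datetime(2001, 2, 26, 0, 0),
                      timedelta(hours=12), timedelta(hours=24), 4)
REVOKED_AT = datetime(2001, 2, 26, 13, 0)

if __name__ == "__main__":
    nxt, last = exposure_bounds(CRLS, REVOKED_AT)
    print("next periodic CRL update:      ", nxt)
    print("all prior CRLs past nextUpdate:", last)
    _, capped = exposure_bounds(CRLS, REVOKED_AT, max_age=timedelta(hours=13))
    print("same, with 13-hour local policy:", capped)
```

With this schedule the CRL issued at 12:00 stays within its nextUpdate for 12 hours after the next periodic issue, which is the gap between the two wordings; the 13-hour local policy narrows that gap to one hour.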