[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Online Certificate Revocation Protocol

To: "Ietf-Pkix" <ietf-pkix@xxxxxxx>
Subject: RE: Online Certificate Revocation Protocol
From: "Paul Gogarty" <p.gogarty@xxxxxxxx>
Date: Tue, 12 Jun 2001 16:10:32 +0100
Importance: Normal
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

In cases where keys are destroyed before their revocation date would it not
make more sense to place the certificate on hold (use a combination of
'Reason Code' and 'Hold Instruction Code' CRL entry extensions).

This allows the certificate to validate as part of a certification path or
for signature verification, but provides a date after which signatures from
the certificate should not be trusted and the encryption key should not be
used.

	Paul Gogarty
	ASN.1 Developer

	De La Rue InterClear Ltd.
	De La Rue House
	Jays Close
	Viables
	Basingstoke
	England
	RG22 4BS

	Fax: +44 (0)1256 487755
	Tel: +44 (0)7879 458416
	mailto:paul.gogarty@xxxxxxxxxxxxxxxx

	http://www.interclear.co.uk/

Follow-Ups:
- RE: Online Certificate Revocation Protocol
  - From: Carlin Covey

Prev by Date: RE: Online Certificate Revocation Protocol
Next by Date: RE: Online Certificate Revocation Protocol
Previous by thread: Re: Online Certificate Revocation Protocol
Next by thread: RE: Online Certificate Revocation Protocol
Index(es):
- Date
- Thread