Re: [TSP] PKIStatus constants clarification

[Denis Pinkas <Denis.Pinkas@xxxxxxxx>]

Thomas,

Michael Aisenberg asked us to go off-line. Well, PKIX is an open discussion 
list. If a change has to be done on a document, it has to be openly discussed.

Now, having said this, Thomas, if my response below on that topic,
i.e. PKIStatus constants clarification, does not satisfy you,
please go off-line and copy my co-editors.

> Denis,
>
> On Wed, Dec 18, 2002 at 05:00:20PM +0100, Denis Pinkas wrote:
>
> > > - revocationWarning(4) 
> > >  The text says - pasting from rfc2510 -: "this message contains
> > >  a warning that a revocation is imminent.". 
> > >  Well, but revocation of what ?
> >
> > of the TSU certificate.
> >
> >
> > > - revocationNotification(5)
> > >  Again, revocation of what ? 
> >
> > of the TSU certificate.
> >
> >
> > >  Seemingly this could refer to the 
> > >  signing certificate, but how can I tell which certificate is 
> > >  since there is no means to identify it ?
> >
> >    Extract from RFC 3161: " The certificate identifier (ESSCertID) of the
> >    TSA certificate MUST be included as a signerInfo attribute inside a
> >    SigningCertificate attribute."
>
>
> rfc3161 says:
>
>   "When the status contains the value zero or one, a TimeStampToken MUST
>    be present.  When status contains a value other than zero or one, a
>    TimeStampToken MUST NOT be present."
>
> so in case of rejection(2), waiting(3), revocationWarning(4) and
> revocationNotification(5) the client has no ESSCertID back...

So what ? It says that the TSU certificate, whatever it is, is either going 
to be revoked or has been revoked.

Denis


> Thomas