
Re: OCSP and LDAP







> But this, in some environments, is not possible. Let's say the
> CA is under time-controlled access, unavailable from 8pm to 8am
> (for different reasons, i.e. security, lack of personnel, etc.)
> and a user asks for revocation at 9pm. Should we let the certificate
> be reported as valid till 8am?

Then the certificate policy under which the EE cert was issued
is inappropriate for the use to which the certificate itself is
being put. If the EE requires up-to-the-minute revocation
information to be available to its correspondents then it
should make sure it is using a CA that can fulfil these
requirements. Legality first, technology second.

Chris


