
Re: Why is privateKeyUsagePeriod deprecated?



Michael Ströder <michael@xxxxxxxxxxxx> writes:

>Personally I see no use of PKUP extension. How long signatures created with a
>private key associated with a PKC can be validated should not be specified in
>a public-key certificate. The more natural solution to me is to specify this
>in the policy and cryptographic protocol used for signing the message.

That would make it a CMS issue, which doesn't seem right.  It's the cert
that's expired, not the CMS signature.  In other words it doesn't matter what
sort of signing attributes you stick in the signature, the problem is that as
far as the cert-checking code is concerned, the cert has expired and is
therefore no longer allowed to be used.

Peter.