RE: Re: Why is privateKeyUsagePeriod deprecated?
I am not sure that a relying party can always assume
that a signing device is not cheating concerning the
key usage period, i.e., to determine whether the
key has been used before the PKUP end.
The certificate validation procedures do not
imply in any case that a PKUP is checked, and
signature validation procedures are ... where are
they?
IMO, a useful PKUP is for the signing device, as
Greg Chodov indicates, to inform the signer at least that
'Your signature key is not to be supposed anymore,
if you insist signing with it, the relying parties
may not be able to validate it before expiration of
the cert. '
Whether the signer device allows signing anyway or
not is another question.
Without a PKUP, a nice user agent may indicate in
a global way: 'Your cert is going to expire in n days',
but since this information is part of a policy,
the delays may be different, ...
Peter
Digital signatures are for authentication in space, not in time.