[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is privateKeyUsagePeriod deprecated?

To: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Subject: Re: Why is privateKeyUsagePeriod deprecated?
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 25 Jul 2003 13:45:54 -0400
Cc: pgut001@xxxxxxxxxxxxxxxxx, tgindin@xxxxxxxxxx, d.w.chadwick@xxxxxxxxxxxxx, ietf-pkix@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

At 21:02 +1200 7/25/03, Peter Gutmann wrote:

Tom Gindin <tgindin@xxxxxxxxxx> writes:

  The validity period for a certificate is the period of time from notBefore
  through notAfter, inclusive.  When an RP is validating the signature on a
  document which claims to have been signed or produced at a given past time,
  the RP SHOULD proceed with the verification of the signature if that time is
  within the validity period even though the time of verification is outside
  it. If the RP requires authoritative proof either of the time at which the
  document was signed or of the certificate's not having been revoked, it MAY
  reject the signature.

That works for me. Russ, any chance of getting this added to bride-of-3280?

Peter.

Peter,

Also, when we have SCVP in place, it make explicit provision for asking the "was it valid then" question, which would address this problem.

Steve

References:
- Re: Why is privateKeyUsagePeriod deprecated?
  - From: Peter Gutmann

Prev by Date: RE: Re: Why is privateKeyUsagePeriod deprecated?
Next by Date: I-D ACTION:draft-ietf-pkix-sonof3039-01.txt
Previous by thread: Re: Why is privateKeyUsagePeriod deprecated?
Next by thread: Re: Why is privateKeyUsagePeriod deprecated?
Index(es):
- Date
- Thread