
Re: [IETF-PKIX] OCSP Status Information on a Certificate



> From: Marc Branchaud <marcnarc@xcert.com>
> 
> So I guess (unless I've forgotten someone) that the tally now stands at:
> 
> 	Issued / Revoked / Expired == 1
> 	Revoked only == 0
> 	Abstain == 1
> 

Add one for Revoked only, or add a new category Revoked / Expired.

As before, I don't see any rationale for Issued.

Expired could be useful if one assumes that the client does not have
a reliable clock, that the responder does have access to a trusted
time source, and that the RP uses OCSP for every verification.

Last month my wife's PC started dating files sometime in 2003 for no
apparent reason.  The lithium battery was fine, the clock has been
fine since we reset it, and the machine doesn't have a modem installed
so it's never been exposed to hackers on the net.  Gamma rays, I guess.
Anyway, OCSP Expired status may be useful.