
Re: Invalidity Dates



MEZ,

I think you may be mixing two dates.  There is a revocation date in the
standard CRL entry.  This is the date assigned by the CA as logically
having added the entry and so may not predate the last CRL.  The
invalidity date is a CRL entry extension which is supplied by the user
(probably) and reflects the suspected date of compromise/loss/etc. 
There is no constraint on the invalidity date (it can definitely precede
the last CRL).

Dave

Mary_Ellen_Zurko@iris.com wrote:
> 
> Thanks Steve and Dan. Is anyone willing to speak up on behalf
> of not letting a user indicate an invalidity date previous to the
> current CRL? Because the spec seems to be indicating that
> that should be disallowed, but I haven't heard any strong
> reason for restricting the user to that. Which makes me worried
> that I'm missing something.
>      Mez
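
The two dates described in the message above, located inside a DER-encoded CRL entry, as an added example that is not part of the original thread: `revocationDate` is a fixed field of the entry, while the invalidity date travels in an entry extension (OID 2.5.29.24). The sample entry, its dates and all helper names are constructed for illustration, and only short-form DER lengths are handled.

```python
from datetime import datetime

OID_INVALIDITY_DATE = bytes([0x55, 0x1D, 0x18])  # 2.5.29.24 (id-ce-invalidityDate)

def tlv(tag, body):  # DER-encode one element (short-form length only)
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] >= 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("truncated element or long-form length (not handled here)")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def parse_time(tag, value):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) in 'Z' form."""
    if tag not in (0x17, 0x18):
        raise ValueError("not a time type")
    text = value.decode("ascii")
    if tag == 0x17:  # two-digit year: 50-99 -> 19xx, 00-49 -> 20xx
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ")

def parse_entry(der):
    """Parse one CRL entry: serial, revocationDate, optional entry extensions."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("CRL entry must be a SEQUENCE")
    _, serial, pos = read_tlv(body)
    time_tag, time_val, pos = read_tlv(body, pos)
    entry = {"serial": int.from_bytes(serial, "big"), "invalidity_date": None,
             "revocation_date": parse_time(time_tag, time_val)}
    exts, p = (read_tlv(body, pos)[1] if pos < len(body) else b""), 0
    while p < len(exts):
        _, ext, p = read_tlv(exts, p)
        _, oid, q = read_tlv(ext)
        t, val, q = read_tlv(ext, q)
        if t == 0x01:  # skip the optional 'critical' BOOLEAN
            t, val, q = read_tlv(ext, q)
        if oid == OID_INVALIDITY_DATE:  # extnValue wraps a GeneralizedTime
            entry["invalidity_date"] = parse_time(*read_tlv(val)[:2])
    return entry

def dates_before(entry, last_crl):  # which dates precede the previous CRL's thisUpdate
    return [k for k in ("revocation_date", "invalidity_date") if entry[k] and entry[k] < last_crl]

# Constructed sample: serial 0x1234, revoked 2024-04-15, invalidity date 2024-04-01.
_EXT = tlv(0x30, tlv(0x06, OID_INVALIDITY_DATE) + tlv(0x04, tlv(0x18, b"20240401090000Z")))
SAMPLE = tlv(0x30, tlv(0x02, b"\x12\x34") + tlv(0x17, b"240415120000Z") + tlv(0x30, _EXT))
LAST_CRL = datetime(2024, 4, 10)  # constructed thisUpdate of the previous CRL
```

For the sample, `dates_before(parse_entry(SAMPLE), LAST_CRL)` lists only `invalidity_date`: the revocation date falls after the previous CRL, while the invalidity date reaches back before it.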