
RE: New Internet Draft on Non-Repudiation Requirements



Denis,

It is worth noting that in X.509 clause 11.2, note 2 states:

"If a non-repudiation of data service is dependent on keys provided by the
CA, the service should ensure that all relevant keys of the CA (revoked or
expired) and the timestamped revocation lists are archived and certified by
a current authority."

This has relevance to our current work together as well as this list. I
believe that the word "timestamp" refers to just a date and time value, not a
trusted timestamp produced by a timestamping authority.

Nick

> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
> Sent: 01 September 1999 09:22
> To: tgindin@us.ibm.com
> Cc: ietf-pkix@imc.org
> Subject: Re: New Internet Draft on Non-Repudiation Requirements
>
>
> Tom,
>
> You said:
>
> > I think that we should remember that the NR bit is supposed to cause CRL
> > archiving as well.
>
> I am not sure what you mean by this statement. If you mean archiving
> by the CA that issued the CRL, then I disagree. If you mean
> archiving of CRL by the verifier when it first verifies the
> signature, then I agree (but this archiving is not triggered by the
> presence of the NR bit). But maybe you mean something else.
>
> Denis
>