
RE: offline certificate validation



Ivan,

The answer to your first question is no. In SRL version 2.3 and prior we
did not save objects retrieved from a URL in the local database. We have
already changed this for version 2.4 which will be available in the
April time frame. 

In response to your last question, the only way to consider expired data
valid is to set your system time back to the time period when the data
was still valid. I would only recommend this for testing purposes. 

Thanks,
Tom Horvath
DigitalNet

-----Original Message-----
From: Ivan Brozovic [mailto:ivan.brozovic@xxxxxxxxxxx] 
Sent: Thursday, December 18, 2003 11:15 AM
To: imc-cml@xxxxxxx
Subject: offline certificate validation



Hello.

Is it possible to validate a certification path without fetching the CRL
from the CDP if I put a valid CRL somewhere locally?

I put all certificates and a valid CRL into the local database and set
SearchBounds to CM_SEARCH_LOCAL, but during the validation process CML
connects to an LDAP server. Why? What is the purpose of the SearchBounds
flag then?

Also, is it possible to verify a signature/certificate if it was valid
at some other past time?

Thanks.

-- 
	Ivan Brozovic
	$mail='ivan.brozovic@xxxxxxxxxxx';
	$web='http://www.foi.hr/~ibrozovi';
	$ICQ=65431885; $geekcode='$web/geek.html';
$GnuPG='$web/pgp.html';