Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15

"Piyush Jain" <piyush@ditenity.com> Wed, 03 April 2013 15:11 UTC

From: Piyush Jain <piyush@ditenity.com>
To: 'Stefan Santesson' <stefan@aaa-sec.com>, mrex@sap.com, 'Peter Rybar' <rybar@nbusr.sk>
Date: Wed, 03 Apr 2013 08:10:58 -0700
Cc: sts@aaa-sec.com, pkix@ietf.org
Subject: Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15

My mistake. As Martin pointed out, this applies to the first CRL issued by the
CA, and the semantics of OCSP thisUpdate do not apply to CRLs.

> -----Original Message-----
> From: Stefan Santesson [mailto:stefan@aaa-sec.com]
> Sent: Wednesday, April 03, 2013 8:52 AM
> To: Piyush Jain; mrex@sap.com; 'Peter Rybar'
> Cc: 'Andris Berzins'; sts@aaa-sec.com; pkix@ietf.org
> Subject: Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15
> 
> On 4/3/13 3:34 PM, "Piyush Jain" <piyush@ditenity.com> wrote:
> 
> >The subtle point you missed is that x.509 requires revocation date to
> >be after thisUpdate
> 
> You got that wrong.
> 
> http://tools.ietf.org/html/rfc5280#section-5.1.2.4
> 
> http://tools.ietf.org/html/rfc5280#section-5.1.2.6
> 
> 
> Revocation date is the date on which the revocation occurred, which is earlier
> than the time when the CRL, listing this revocation, was issued (thisUpdate).
> 
> /Stefan
>