Re: Online Certificate Revocation Protocol

Massimiliano Pala <madwolf@hackmasters.net> Wed, 13 June 2001 13:47 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA23038 for <pkix-archive@odin.ietf.org>; Wed, 13 Jun 2001 09:47:16 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.3/8.11.3) id f5DD66r16861 for ietf-pkix-bks; Wed, 13 Jun 2001 06:06:06 -0700 (PDT)
Received: from mail.hackmasters.net (IDENT:postfix@[217.133.253.32]) by above.proper.com (8.11.3/8.11.3) with ESMTP id f5DD63J16856 for <ietf-pkix@imc.org>; Wed, 13 Jun 2001 06:06:03 -0700 (PDT)
Received: from hackmasters.net (galadriel.mpcnet.org [10.5.122.180]) by mail.hackmasters.net (Postfix) with ESMTP id 0FF593CEE for <ietf-pkix@imc.org>; Wed, 13 Jun 2001 16:11:22 +0200 (CEST)
Message-ID: <3B27662F.C25D0C3F@hackmasters.net>
Date: Wed, 13 Jun 2001 15:10:07 +0200
From: Massimiliano Pala <madwolf@hackmasters.net>
Reply-To: madwolf@openca.org
Organization: OpenCA
X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.18 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: ietf-pkix@imc.org
Subject: Re: Online Certificate Revocation Protocol
References: <99238659924582@kahu.cs.auckland.ac.nz>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="------------ms313599A450BAFF1A7F6FC594"
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Peter Gutmann wrote:

> There's another revocation status which needs a way of indicating it which is
> somewhat trickier, I'll bring it up here in case anyone has any ideas:
> Sometimes a cert can be issued in error, what's needed here is a revocation
> reason which says that not only is the cert revoked, it should never be and
> was never valid at any time for any reason.  You can sort of achieve this by

In this case, when will the entry be removed from the CRL? When the certificate
expires? Or should it be left in all future CRLs?

-- 

C'you,

	Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                madwolf@openca.org
                                                     madwolf@hackmasters.net
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365