Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15

"Piyush Jain" <piyush@ditenity.com> Tue, 02 April 2013 17:36 UTC

From: Piyush Jain <piyush@ditenity.com>
To: 'Andris Berzins' <pkix@inbox.lv>
Date: Tue, 02 Apr 2013 10:36:37 -0700
Cc: 'Stefan Santesson' <stefan@aaa-sec.com>, sts@aaa-sec.com, pkix@ietf.org
Subject: Re: [pkix] review of draft-ietf-pkix-rfc2560bis-15

> 
> That would signal to the relying party that the relying party has received old
> information (old thisUpdate) and would query again on nextUpdate and
> again would get an old response with old thisUpdate and so on.
> 
> thisUpdate and nextUpdate should be current time IMHO.

[Piyush] This is the intent.
The information is correct as of the CA start validity time and can change anytime.

In this case the certificate is revoked since the CA came into being.
The only time when this information gets updated is when the certificate gets issued. At that time the response will contain thisUpdate and nextUpdate from the CRL.