At 10:07 PM +0100 1/12/09, Ian G wrote:
> * RFC5280 is an implementation document and doesn't do
>   semantics much, if at all.
> * It does not define the meaning of expiry or revocation.
> * By _meaning_, I mean semantics, what outsiders should take
>   as the message being delivered, implying some hint as to
>   action.

So far, you are zero for three. RFC 5280 does indeed say what semantics a relying party should use with respect to things like revocation and expiration. (You did get as far as section 6, didn't you?)

> * RFC5280 does suggest that they work together.

I have no idea what this means.

> * (I conclude that) RFC5280 suggests that:
>
>   *revocation and out-of-validation have the same meaning*.

Revocation is an action taken by a CA. Expiration happens when time elapses. Notice how different those are.

I'm skipping the rest because it is clear we read the same base document completely differently.