At 2:48 PM -0800 1/12/09, Nelson B Bolyard wrote: >I explain it to people this way: The notAfter date is the date after which >the CA has no further obligation to report that the cert was ever revoked.
Yes, quite right. >(It actually is obliged to report revocation ONE more time after the >notAfter date, but that detail is not crucial to the understanding of >notAfter for most readers.) Not if you time your CRLs correctly. :-) _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
