<philosophical stuff elided>

>Thus, the CA is the only one who takes actions related to its
>commitment to the binding.  (Others may choose to disbelieve a given
>binding, either via not accepting the CA's statements or by
>specifically distrusting a specific statement; the latter can be done
>via a private OCSP responder among other things.)

Fully agree.

>In any case, I don't buy your statement "action taken by time
>passing".  And "the time in the universe" is a policy, nothing more.

Sure, whatever. If you want to view this only from the side of the CA, and not 
the side of the relying party, you can: many of us want to develop services 
that support both sides.

>On a related subject, what precisely can be gleaned from RFC3280 (and
>RFC5280)'s statements about what actions a CA under PKIX commits to
>performing, over what period of time?

"Precisely"? Not much.

My first cut is:

- Commits to following its own CPS

- Commits to providing revocation information in CRLs

Maybe that's all. Or maybe I am missing a lot.

This would be a great question for the PKIX WG. I bet three people will come up 
with three different lists, all of them right and incomplete. You could take a 
union. Heck, you could write a new document with a summary; it would be quite 
useful.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
