>Thus, the CA is the only one who takes actions related to its
>commitment to the binding. (Others may choose to disbelieve a given
>binding, either via not accepting the CA's statements or by
>specifically distrusting a specific statement; the latter can be done
>via a private OCSP responder am
Time marches on, and does not (and cannot) act on its own. Only
things which exist in time can act, and time is the process by which
cause and effect are separated.
Since nobody can hold Time to any form of standard, except that it is
agreed as a matter of policy to describe points in time in a
u
At 2:48 PM -0800 1/12/09, Nelson B Bolyard wrote:
>I explain it to people this way: The notAfter date is the date after which
>the CA has no further obligation to report that the cert was ever revoked.
Yes, quite right.
>(It actually is obliged to report revocation ONE more time after the
>notAft
Paul Hoffman wrote, On 2009-01-12 14:16 PST:
> At 1:42 PM -0800 1/12/09, Kyle Hamilton wrote:
>> It's basically saying, "I attest to the validity of this binding until
>> this date, *unless something extraordinary happens in the meantime*."
>
> No, that's *way* too strong. The meaning of the notA
On 01/13/2009 12:12 AM, Ian G:
1. expiration means approx the same thing as revocation,
2. if you want to define it differently, do it in the CPS,
3. but it is pointless and distracting to do that,
4. nobody else will likely support your difference.
Good analysis!
--
Regards
Signer: Eddy Ni
At 1:42 PM -0800 1/12/09, Kyle Hamilton wrote:
>Technically, 'expiration' is also an action taken by the CA.
No, it is an action taken by time passing. When the time in the universe is the
same as the time listed as "notAfter" in the cert, the cert expires. That's it.
>It's
>basically saying, "I
On 12/1/09 22:20, Paul Hoffman wrote:
At 10:07 PM +0100 1/12/09, Ian G wrote:
* RFC5280 is an implementation document and doesn't do
semantics much, if at all.
* It does not define the meaning of expiry or revocation.
* By _meaning_, I mean semantics, what outsiders should take
On 01/12/2009 11:42 PM, Kyle Hamilton:
Remember, *everything* in the certificate is an action of the CA. It
is the final actor in the creation of the certificate, and it is the
final actor in the revocation of the certificate.
That's correct for the CA, the UI suggests something else which J
At 10:07 PM +0100 1/12/09, Ian G wrote:
> * RFC5280 is an implementation document and doesn't do
> semantics much, if at all.
> * It does not define the meaning of expiry or revocation.
> * By _meaning_, I mean semantics, what outsiders should take
> as the message being delivered, im
Technically, 'expiration' is also an action taken by the CA. It's
basically saying, "I attest to the validity of this binding until this
date, *unless something extraordinary happens in the meantime*."
They really do have the same meaning -- that the CA is not willing to
attest to the identity bi
On 12/1/09 19:26, Paul Hoffman wrote:
At 1:52 PM +0100 1/12/09, Ian G wrote:
These are word games. What is the definition of these words? If you look in
the RFCs, likely (I have not, please correct me if I am wrong)
A better idea would be for all of us to read them and point out where in th
At 1:52 PM +0100 1/12/09, Ian G wrote:
>These are word games. What is the definition of these words? If you look in
>the RFCs, likely (I have not, please correct me if I am wrong)
A better idea would be for all of us to read them and point out where in the
document it says something.
For exam