On 16/10/16 08:59, Adrian R. wrote:
> is this revival/un-revocation of an intermediary CA allowed by the
> BRs?

I agree that the wording is a little loose but I think the intended
purpose of the clause in question was as Peter interprets it - don't
remove things from OCSP or CRLs before their expiry date because relying
parties may want to continue to check their revocation status at any
time up to then.

I don't think it was intended to forbid the "un-revoking" of a
certificate. Whether or not that will even work properly in a given
situation is another question, but I think that's outside the scope of
the BRs.

dev-security-policy mailing list

Reply via email to