I meanwhile found a reference that uses the shell model validation without
naming it explicitly as shell model.
Document rfc5280 "Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile" explains in section 6 the
"Certification Path Validation".
Section 6.1.3. (a)(2) states that the timestamp of the validation(system date)
has to be within the validity period of all certificates in the validation path.
It uses the validation method that was named "shell model" in the referenced
presentation. Currently I do not have any references concerning the "chain"
validation model, however as the presentation was made by the Bundesnetzagentur
which is a state agency in Germany, I guess it is used.
The general question for us was which validation model shall we use for our
implementation. We will go for the shell model that is also used in the rfc5280.
Thanks for all the comments concerning this issue.
_________________________________________________________________
Connect to the next generation of MSN Messenger
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
