Op 10/01/2013 19:07, Leonard Rosenthol schreef: > 1. "a valid CRL or OSCP response for every certificate" also includes > signatures over CRLs and OCSPs., not just the signature certificate. > > 2. LTV may be enabled when all collaterals are embedded in the > signatures and not DSS (I just fixed a bug that did not handle this case > correctly). In this case there may be no DSS. However, this is very > unusual, because signatures over CRLs and OCSPs do not contain embedded > rev info which is Adobe extension. Yet, this is a distant possibility. Thank you very much for this clarification!
In hindsight it's obvious that valid revocation info should be available for the certificates involved in signing the CRLs and OCSP responses, but I'm not sure if we took those into account. I think we did, but I'll definately have to check. ------------------------------------------------------------------------------ Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and much more. Get web development skills now with LearnDevNow - 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122812 _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
