Ives Steglich wrote:

with the note:
signature valid if the signature has been prior to expiration or suspending/revocation
and the statement the cert is not valid (expired) and red (suspended/revoked) anymore
with date of status change of course


with signature invalid:
if the signature has been issued after expiration date, suspend/revoke
and the note that the cert is invalid (expired, suspended, revoked) with date


so to the question of valid/invalid signatures: (just had some input from micha)

i'll try to put this a bit more ordered here:

a signature is valid if:
 - the cert is valid
   (and not suspended or revoked - this is special case)

a signature renders invalid if:
 - created outside cert lifetime (so before or after)
 - created with a suspended/revoked cert depending on reason

so there i think it may be necessary to introduce revocation groups
 - one that renders all created signatures invalid
   (like key stolen, lost, since the trust is broken)
 - one that renders signatures invalid after suspend/revocation date
   (like revoked because user wanted this by its own and there is
    no emergency reason like in the above group)
    so this group would just limit the lifetime of the cert
    to put in relation to this


and which of those cases has openca to handle? commonly there will be only a realtime check - so no data with 'old' signatures will be verified

one case which may occur:

an operator signed a request (crr or csr) but the ca processes it after the end of lifetime of the operator certificate, so if we assume we would have a trusted timestamp there - we would have the case, the signature is valid, since the data and time of signing is inside the lifetime and therefore has to be rendered valid instead of what a 'realtime' check would get an invalid

at current state - the system would render the signature valid, because the expire check isn't implemented ;o) but if, then it would render it at the ca invalid, because the lifetime of operator certificate is exceeded...


i think, this problem will occur relatively seldom, so for the moment, this can be handled as feature request? or should it get a bug? when to render signature invalid and so on... since the question of a trustworthy timestamp service is included there too and so on

so in general i would suggest:
expired and suspended/revoked certs just render signatures invalid
and we just check 'realtime' so like the signature would have just been made
and gets now validated...

special cases get on the feature requests and are put for now to the known issues?



greetings
dalini
--
Ives Steglich                Email: [EMAIL PROTECTED]
System Administration        Tel.:  +49 (0)3677 - 69 4382/4383
                             Fax:   +49 (0)3677 - 69 4399

Fraunhofer Institute for Digital Media Technology
Langewiesener Strasse 22
98693 Ilmenau                Email (private): [EMAIL PROTECTED]
Germany                      http://www.openca.org                      
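
Added example, not part of the original message and not OpenCA code: a Python sketch of the two checks the message contrasts, the signing-time check with the two proposed revocation groups and the 'realtime' check. All names and dates are constructed for illustration; treating a revocation with no recorded group as trust-broken is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional, Tuple


class RevocationGroup(Enum):
    TRUST_BROKEN = 1    # key stolen or lost: every signature becomes invalid
    LIFETIME_LIMIT = 2  # holder's own request: only later signatures are invalid


@dataclass
class CertStatus:
    not_before: datetime
    not_after: datetime
    status_change: Optional[datetime] = None  # suspend/revoke date, if any
    group: Optional[RevocationGroup] = None


def check_signature(cert: CertStatus, signed_at: datetime) -> Tuple[bool, str]:
    """Signing-time check; signed_at must come from a trusted timestamp."""
    if not (cert.not_before <= signed_at <= cert.not_after):
        return False, "created outside cert lifetime"
    if cert.status_change is not None:
        # Unknown group is treated like TRUST_BROKEN (fail closed, an assumption).
        if cert.group is not RevocationGroup.LIFETIME_LIMIT:
            return False, "cert suspended/revoked, trust broken"
        if signed_at >= cert.status_change:
            return False, "created after suspend/revocation date"
    return True, "valid"


def check_realtime(cert: CertStatus, now: datetime) -> Tuple[bool, str]:
    """Realtime check: validate as if the signature had just been made."""
    return check_signature(cert, now)


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample: an operator signs a CSR two days before the operator
# cert expires; the CA processes the request five days after expiry.
OPERATOR = CertStatus(utc(2003, 1, 1), utc(2004, 1, 1))
SIGNED_AT, PROCESSED_AT = utc(2003, 12, 30), utc(2004, 1, 6)

if __name__ == "__main__":
    print("signing-time:", check_signature(OPERATOR, SIGNED_AT))
    print("realtime:    ", check_realtime(OPERATOR, PROCESSED_AT))
```

The same request is accepted by the signing-time check and rejected by the realtime check, which is the operator-certificate case described in the message.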


OpenCA-Devel mailing list https://lists.sourceforge.net/lists/listinfo/openca-devel