Hi Martin,
I thought about the problems before posting - but I think that the status flag in the DB can not be used for such a time-critical or high-security application - you have a similar problem with just the "runtime" of a revoke action. I think that an application should verifiy the timestamp for itsself and does not need the OpenCA System for it - so I see the "expired" state as not that time-critical as we cannot accept the lag...
Of course downtimes must be detected and the appropriate Jobs run on startup.
Oliver
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
