"René G. Eberhard" wrote:
>
> > But if you remove a revoked certificate from the list, how can you
> > remember the validity period of a certificate?
>
> It is removed after expiration. And you always remember the validity
> of the period because (I hope) you somewhere have a log.
>
> Regards Rene
>
If you are a CA this is the scenario, but if you are a user Mouse that
has received from user Mickey a document signed before the revocation of
the certificate and one after the revocation, how can you verify that
the first is valid and the second not?
The timestamping can help you in the secure determination of the signing
time, but you need a method to verify the temporal validity of the
certificate against a possible revocation by the CA or the user Mickey.
The "CRL" growth problem is there, I think....
Bye.
--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
Member of the Internet Society
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
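
Added example (not part of the original messages): a small model of the check Mouse has to make, comparing a trusted signing time with the certificate's validity period and the CRL revocation date, and of what happens once the CA drops the expired certificate's entry from the CRL. All names, serial numbers and dates are constructed for illustration.

```python
from datetime import datetime, timezone
from typing import Dict, NamedTuple


class Cert(NamedTuple):
    serial: int
    not_before: datetime
    not_after: datetime


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


def check_signature(cert: Cert, crl: Dict[int, datetime], signed_at: datetime) -> str:
    """Judge a signature at its timestamped signing time, not at 'now'.

    crl maps certificate serial -> revocation date (hypothetical model of a CRL).
    """
    if not (cert.not_before <= signed_at <= cert.not_after):
        return "outside validity period"
    revoked_at = crl.get(cert.serial)
    if revoked_at is not None and signed_at >= revoked_at:
        return "signed after revocation"
    return "valid"


def prune_expired(crl: Dict[int, datetime], certs: Dict[int, Cert],
                  now: datetime) -> Dict[int, datetime]:
    """CA-side pruning: drop entries whose certificate has already expired."""
    return {s: t for s, t in crl.items() if certs[s].not_after > now}


# Constructed sample data: Mickey's certificate, revoked mid-life.
MICKEY = Cert(serial=0x2A, not_before=utc(1999, 1, 1), not_after=utc(2000, 1, 1))
CERTS = {MICKEY.serial: MICKEY}
FULL_CRL = {MICKEY.serial: utc(1999, 6, 1)}   # revocation date
DOC_A = utc(1999, 3, 1)                       # signed before revocation
DOC_B = utc(1999, 9, 1)                       # signed after revocation
PRUNED_CRL = prune_expired(FULL_CRL, CERTS, now=utc(2000, 2, 1))

if __name__ == "__main__":
    for label, crl in (("full CRL", FULL_CRL), ("pruned CRL", PRUNED_CRL)):
        for doc, when in (("doc A", DOC_A), ("doc B", DOC_B)):
            print(f"{label:10} {doc}: {check_signature(MICKEY, crl, when)}")
```

With the pruned CRL, document B is reported as valid because the revocation date is no longer available to the verifier; only a retained CRL or the CA's log can still distinguish the two documents.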