[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Philosophical questions
1: Should a p-card STS generate a token for a revoked cert? Perform OCSP/CRL validation separate from the browser. 2: Should a p-card STS generate a token for an expired cert. If so which PPID alg should be used? Should it ignore the fact that it is expired and assume the user has overridden the browser for a good reason? Should it use case 3 even if it is a EV or other cert with a non empty O= but expired? 3: Should a p-card STS generate a token for a self signed cert, using Case 3 sec 7.6.1. I think 3 is a easy answer but 1 and 2 are more complicated especially if the STS may be running on w separate computer. Opinions welcome. John B.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]