Subject: Question on individual verification report
Detlef,

While identifying test cases for this profile, I came to a point where I have some doubt... imagine the following situation:

One simple signature to be verified. The signature does not contain signed or unsigned properties (no time-stamps, no attribute certificates, etc.). The CA hierarchy is direct: RootCAOK -> CAAOK -> CABOK -> signing certificate.

Now the individual report contains the DetailedSignatureReport element, with a CertificatePathValidity child. This one contains PathValidityDetail. This one contains several CertificateValidity children. Each CertificateValidity element contains a Certificate Status, and this one may contain RevocationInfo (optional).

Well, imagine that the status of all the certificates is checked using CRL; this RevocationInfo would contain a CRLValidity element.... BUT... this CRLValidity element has a mandatory CertificatePathValidity element, with all the aforementioned elements...

Well, the issue is that the CRL is issued by one of the CAs in the chain, and likely signed with the same certificate as the one used in the signing certificate path... so its CertificatePathValidity element would contain redundant information!!

Would this not justify making these CertificatePathValidity elements optional?

Regards

Juan Carlos.
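
The nesting described in the message above, as an added illustration (not part of the original post and not taken from the profile's schema): it builds the report for the RootCAOK -> CAAOK -> CABOK -> signing certificate chain and counts how many CertificateValidity entries repeat a certificate already reported. Assumptions: namespaces are omitted, the `subject` attribute is a hypothetical stand-in for the real certificate identification, every CRL is signed with the issuing CA's certificate, and the `recurse` flag chooses whether the nested paths carry their own RevocationInfo.

```python
import xml.etree.ElementTree as ET

# Chain from the message, root first (constructed sample data).
CHAIN = ["RootCAOK", "CAAOK", "CABOK", "signing certificate"]


def build_path(chain, check_revocation=True, recurse=True):
    """Build a CertificatePathValidity element for `chain` (root first).

    Every non-root certificate is checked against a CRL signed by its
    issuing CA, so the CRLValidity gets the mandatory nested
    CertificatePathValidity covering chain[:i], the CRL signer's own path.
    """
    cpv = ET.Element("CertificatePathValidity")
    detail = ET.SubElement(cpv, "PathValidityDetail")
    for i, subject in enumerate(chain):
        # 'subject' is a hypothetical attribute used only to tell entries apart.
        cv = ET.SubElement(detail, "CertificateValidity", subject=subject)
        status = ET.SubElement(cv, "CertificateStatus")
        if i == 0 or not check_revocation:
            continue  # root certificate, or RevocationInfo left out (it is optional)
        rev = ET.SubElement(status, "RevocationInfo")
        crl = ET.SubElement(rev, "CRLValidity")
        crl.append(build_path(chain[:i], check_revocation=recurse, recurse=recurse))
    return cpv


def redundancy(report):
    """Return (CertificateValidity entries in the report, distinct certificates)."""
    subjects = [cv.get("subject") for cv in report.iter("CertificateValidity")]
    return len(subjects), len(set(subjects))


if __name__ == "__main__":
    for recurse in (False, True):
        total, distinct = redundancy(build_path(CHAIN, recurse=recurse))
        print(f"recurse={recurse}: {total} entries for {distinct} certificates")
```
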