[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Revoking opaque objects
Hello, I had a question about revoking and the state of opaque objects.
I understand that opaque objects can be revoked, but it doesn't
specifically say whether or not they can only be revoked with a
reason of compromised (via 'key compromise' or 'CA compromise'
reasons as per v1.3) or if they can also be revoked with other
revocation reasons as well. However, if they are revoked with
other revocation reasons, the spec suggests to place the object in
a deactivated state, and to set the deactivation date. Under
Appendix B. Attribute Cross-Reference, it seems that the
Deactivation Date applies to opaque objects, but that State does
not. However, in 3.27, it states that the Deactivation Date
applies to "All Cryptographic Objects, Templates" and in 3.22, it
states that the State applies to "All Cryptographic Objects". The
sections for Compromise Occurrence Date, Compromise Date, and
Revocation Reason all seem to apply to opaque objects, both in 3.*
and in the appendix. Basically, to summarize:
Thanks for your time and help, Alex Abell |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]