Subject: Re: [pki-tc] OCSP question

Stephen,

>Given the legal (and medico-legal) issues involved in the above two cases,
>I am certain there is a very strong business case for a service which can
>tell the revocation status of a given certificate at any time in the past.

I don't fully understand why the repository/notary cannot do the OCSP call and save the _signed_ validation result when the user's signature is supposed to be stored rather than relied upon.

By saving CRLs or OCSP responses for the signature receive time, the need for "historical" validation services is eliminated, as well as dependencies on "living" CAs.

If you on top of that put time-stamps, possibly re-signed every 10-20 years using the signing technology of that time, you have a sound foundation for cryptographically secured long-term storage of signatures and data.

To my knowledge, schemes like the above are, at least in current PKI literature, considered state-of-the-art.