<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 11/01/2012 11:50 AM, From Rob Stradling:
<blockquote cite="mid:509245FB.5060509@comodo.com" type="cite">On
31/10/12 20:44, Eddy Nigg (StartCom Ltd.) wrote:
<br>
<snip>
<br>
<blockquote type="cite">A revoked certificate can't be made valid
ever after
<br>
as long as it hasn't expired.
<br>
</blockquote>
<br>
Eddy, I completely disagree. RFC2560 very clearly states...
<br>
<br>
"The "revoked" state indicates that the certificate has been
revoked
<br>
(either permanantly or temporarily (on hold))."
<br>
<br>
In other words, RFC2560-compliant OCSP _always_ has the option of
changing a certificate's status from "revoked" to "good".
<br>
</blockquote>
<br>
Considering that the BR disallows suspension of certificates, I
believe the RFC in this respect isn't relevant. We might make this
cleared, but this would be my interpretation (even before the BR was
adopted).<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>