[Smcwg-public] Certificate Suspension
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Mon Aug 29 09:35:27 UTC 2022
The time-stamp issue is not related specifically on suspension but to
the revocation of the signing certificate in general. Current
implementations don't verify the "validity of the signature" based on
"signing time" in order for the recipient to check if the signing
certificate was valid at "signing time" but they check the validity of
the certificate at "checking time". This means that when a certificate
expires, or gets revoked after some good signatures were made, ALL
signatures become invalid, which some Subscribers and Relying Parties
find very annoying.
Dimitris.
On 29/8/2022 12:18 μ.μ., Stefan Selbitschka via Smcwg-public wrote:
>
> Hi,
>
> thanks Clint for bringing in the view of the consumer.
>
> I totally agree that without a "trusted" time stamping within email -
> which will not be the case any time soon - support of suspension does
> not make sense. As a consumer you have no idea when the signature it
> actually made and so the most accurate certificate validity is when
> you receive or display the email.
>
> regards
> stefan
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
More information about the Smcwg-public
mailing list