On 16 okt 2014, at 16:58, Olafur Gudmundsson <[email protected]> wrote:
> If X@Y sends S/MIME signed message to DANE WG on January 20’th 2016.
> X@Y leaves Y on Feb 15’th 2016.
>
> Is there any value in being able to validate the signature when a document
> editor gets around to read the message March 15 2016 while updating the
> document referenced in the email to meet the ID deadline for IETF-95 ?
You basically want to know if certificate C was valid at time T. A CRL might
tell you when a certificate was revoked, whereas OCSP does not. Neither of the
proposals discussed in this group so far would help you with that either.
Paul and I advocate that SMIMEA will only tell you if a given certificate is
valid in real time (or in the proximity of). Others say an explicit revoked
flag would be useful.
I believe your question is interesting, but I suspect it is out of scope for
this group. If a given certificate is not valid, you can always go back to a
CRL (if one exists) and find out when it was revoked.
jakob
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
