Re: [TSP] PKIStatus constants clarification

Denis Pinkas <Denis.Pinkas@bull.net> Thu, 19 December 2002 08:30 UTC

Message-ID: <3E017D5B.1040509@bull.net>
Date: Thu, 19 Dec 2002 09:03:39 +0100
From: Denis Pinkas <Denis.Pinkas@bull.net>
Organization: Bull SA.
To: tho <thomas.fossati@tin.it>
CC: ietf-pkix <ietf-pkix@imc.org>
Subject: Re: [TSP] PKIStatus constants clarification
References: <20021218135331.A639@congo.homeunix.net> <3E009B94.2030309@bull.net> <20021218171228.B1173@congo.homeunix.net>

Thomas,

Michael Aisenberg asked us to go off-line. Well, PKIX is an open discussion 
list. If a change has to be done on a document, it has to be openly discussed.

Now, having said this, Thomas, if my response below on that topic,
i.e. PKIStatus constants clarification, does not satisfy you,
please go off-line and copy my co-editors.

> Denis,
> 
> On Wed, Dec 18, 2002 at 05:00:20PM +0100, Denis Pinkas wrote:
> 
>>>- revocationWarning(4) 
>>>  The text says - pasting from rfc2510 -: "this message contains
>>>  a warning that a revocation is imminent.". 
>>>  Well, but revocation of what?
>>
>>of the TSU certificate.
>>
>>
>>>- revocationNotification(5)
>>>  Again, revocation of what?
>>
>>of the TSU certificate.
>>
>>
>>>  Seemingly this could refer to the 
>>>  signing certificate, but how can I tell which certificate is 
>>>  since there is no means to identify it?
>>
>>    Extract from RFC 3161: " The certificate identifier (ESSCertID) of the
>>    TSA certificate MUST be included as a signerInfo attribute inside a
>>    SigningCertificate attribute."
> 
> 
> rfc3161 says:
> 
>   "When the status contains the value zero or one, a TimeStampToken MUST
>    be present.  When status contains a value other than zero or one, a
>    TimeStampToken MUST NOT be present."
> 
> so in case of rejection(2), waiting(3), revocationWarning(4) and
> revocationNotification(5) the client has no ESSCertID back...

So what? It says that the TSU certificate, whatever it is, is either going
to be revoked or has been revoked.

Denis


> Thomas
>
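
The rule quoted from RFC 3161 in this exchange, as an added example that is not part of the original message or of any TSA implementation: a client-side check that reads the PKIStatus out of a DER-encoded TimeStampResp and rejects responses whose token presence contradicts the status. The function names and the sample byte strings are constructed for illustration, and the token is treated as an opaque trailing element rather than parsed.

```python
# Added example (not from the thread): enforce the RFC 3161 token-presence rule.
PKI_STATUS = {0: "granted", 1: "grantedWithMods", 2: "rejection", 3: "waiting",
              4: "revocationWarning", 5: "revocationNotification"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, up to 4 octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def check_timestamp_resp(der):
    """Return (status_name, token_present); raise ValueError on a violation."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("TimeStampResp must be exactly one SEQUENCE")
    tag, info, after_info = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("PKIStatusInfo must be a SEQUENCE")
    tag, raw, _ = read_tlv(info, 0)
    if tag != 0x02 or not raw:
        raise ValueError("PKIStatus must be an INTEGER")
    status = int.from_bytes(raw, "big", signed=True)
    if status not in PKI_STATUS:
        raise ValueError(f"unknown PKIStatus {status}")
    token_present = after_info < len(body)
    # Status 0 or 1: token MUST be present. Any other status: MUST NOT be.
    if (status in (0, 1)) != token_present:
        raise ValueError(f"{PKI_STATUS[status]}({status}) with token_present={token_present}")
    return PKI_STATUS[status], token_present

# Constructed responses; "3000" is an empty SEQUENCE standing in for a token.
SAMPLES = {"revoked, no token": "30053003020105", "granted, token": "300730030201003000",
           "granted, no token": "30053003020100", "warning, token": "300730030201043000"}
```

A conforming revocationNotification(5) response passes this check with `token_present` false, which is the situation discussed above: the client receives the status but no token, and therefore no ESSCertID, in the same response.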