Juergen Brauckmann | 5 Feb 2003 09:29

Re: Antwort: Re: Real-time Certificate Status Facility for OCSP - (RTCS)


Olaf.Schlueter <at> secartis.com wrote:
> In Germany the German signature law is identifying a fourth case:

Just a short note: All these issues with the German Signature Law "only"
relate to qualified certificates. 

> 4. the cert is in the repository, but not active yet (cert invalid, maybe
> valid in the future)
> 
> This case is required (by law) if a CA issues not only certificates but
> private keys as well to the end user. Think of a bank producing and
> delivering a smartcard with keys and certificates on it to you.
[...]
> This may be handled by an "onHold" status on a
> CRL but is currently deployed in Germany using white list technology.

Or by simply not publishing it. Otherwise you will get a somewhat
oversized CRL if your bank decides to issue 2 million new banking cards,
all with "on hold" certificates. Makes validation a little bit slower
than normal :-)

Juergen

