Wednesday, 14 January 2015

Check signature when next CRL will be published after end of validity of certificate



My situation looks like this:


I have to verify a signature on a document. For this I will wait until the next CRL is published to check that the involved certificate was not revoked. But what if the certificate ends (notAfter from Validity of certificate) before the next update of the CRL?


Schematically:



  1. CRL publishing

  2. Signature creation

  3. Certificate expiration (notAfter time of certificate)

  4. CRL publishing


Suppose the certificate was revoked between (1) and (4). I think it won't be in CRL (4) because it is not valid any more. But in this type of scenario I cannot validate the signature, or can I?




