Open ryancdickson opened 1 year ago
Unfortunately, invalidityDate is not widely used or supported, which is why backdated revocations are generally done using the revocationDate.
I do support additional clarity in this area, though, as the use cases for TLS are pretty limited.
-Tim
From: Ryan Dickson
Sent: Friday, June 16, 2023 10:28 AM
To: cabforum/servercert
Cc: Subscribed
Subject: [cabforum/servercert] Clarify when it's acceptable to "backdate" a CRL entry (Issue #437)
Background:
"Backdating the revocationDate field is an exception to best practice described in RFC 5280 (section 5.3.2); however, these requirements specify the use of the revocationDate field to support TLS implementations that process the revocationDate field as the date when the Certificate is first considered to be compromised."
Issue:
Proposal:
We should clearly define when it's acceptable to perform backdating. Known use cases include:
Goals for this update: reduce ambiguity and clarify expectations
Skipped during Server Certificate Working Group July 18, 2024.