Grace Period for XAdES
MURATA Makoto
eb2m-mrt at asahi-net.or.jp
Thu May 15 03:47:37 CEST 2014
Dear colleagues,
In the last teleconference, somebody asked why long-term
digital signature requires two steps.
I am not at all an expert, but I forwarded the question
to my colleagues. I learned that the "grace period" is
the reason. After completing the first step, we have to
wait for a while and then complete the second step.
The "grace period" is to make sure that revocation
information from the CA is appropriate.
Let me quote a few sentences from "Draft EN 319 132-1
V0.0.4 (2013-11)" of XAdES.
When using CRLs to get revocation information, a verifier
will have to make sure that he or she gets at the time of the
first validation the appropriate certificate revocation information
from the signer's CA. Usually this is done as soon as
possible, after the grace period, to minimize the time delay
between the generation and validation of the signature.
Regards,
Makoto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.vse.cz/pipermail/sc34wg4/attachments/20140515/91870c4b/attachment.html>
More information about the sc34wg4
mailing list