Configuration file specifying validity periods of CA certificates #46
Description
CA certificates may loose their validity before their "best before" date
because of compromise, cease of operation, etc. To properly validate signatures
using certificates issued by such CA we need to have file that can override the
validity periods of CA certificates.
What steps will reproduce the problem?
1. Have document signed using certificate issued by DigiNotar
2. The document was timestamped by VeriSign before DigiNotar compromise
What is the expected output? What do you see instead?
Document should be considered valid. It isn't because DigiNotar can't be in
trusted CAs.
Please provide any additional information below.
Related: issue 18 in practice, will be required for XAdES-A implementation.
Suggested file format: Trust Service List published by ETSI
http://www.etsi.org/deliver/etsi_ts/102200_102299/102231/03.01.02_60/ts_102231v0
30102p.pdf
Original issue reported on code.google.com by hubert.k...@gmail.com on 25 Sep 2012 at 12:52