
About XML Digital Signature

To make a public key and its identification with a specific subscriber readily available for use in verification.

An XML digital signature, whether created by a subscriber to authenticate a message or by a certification authority to authenticate its certificate (in effect a specialized message), should be reliably time stamped to allow the verifier to determine reliably whether the digital signature was created during the "operational period" stated in the certificate, which is a condition upon verifiability of a digital signature under these Guidelines.

The certificate may be published in a repository or made available by other means. Repositories are online databases of certificates and other information available for retrieval and use in verifying XML signatures. Retrieval can be accomplished automatically by having the verification program directly inquire of the repository to obtain certificates as needed.

In other situations, a certificate may be reliable enough when issued but come to be unreliable sometime thereafter.

Once issued, a certificate may prove to be unreliable, such as in situations where the subscriber misrepresents his identity to the certification authority. If the subscriber loses control of the private key ("compromise" of the private key), the certificate has become unreliable, and the certification authority (either with or without the subscriber's request depending on the circumstances) may suspend (temporarily invalidate) or revoke (permanently invalidate) the certificate. Immediately upon suspending or revoking a certificate, the certification authority must publish notice of the revocation or suspension or notify persons who inquire or who are known to have received a digital signature verifiable by reference to the unreliable certificate.