On Thu, 17 Apr 2014, lleachii(a)aol.com wrote:
> I also have an LoTW certificate; but you can't verify a cert unless its CA
> is online. Last I checked, LoTW's CA wasn't.

That's not true, the CA does not have to be online at the moment of
validation. [1]

You just need to hold a copy of the CA's certificate (which contains the
certificate's public key). The actual validation is then done with a bit of
cryptography - but you don't need to ask the CA for its opinion at that
point.

[1] Unless you wish to use OCSP for a real-time check for revocation of a
valid certificate, for example, in the case an amateur radio license would
have been revoked, or the CA would have accidentally granted a cert to a
non-ham. An alternative to this is that the CA can publish a revocation list,
which can be downloaded and then used off-line to check for revocation
status without asking the CA at the moment of verification.

- Hessu
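
The offline validation and CRL check described in the message above, as an added example that is not part of the original e-mail. The CA ("Demo Ham CA"), the subject N0CALL, and all file and function names are constructed for the demo; it assumes the `openssl` command-line tool with its default configuration file is installed.

```shell
#!/bin/sh
# Constructed demo: throwaway CA "Demo Ham CA" and leaf "N0CALL" (hypothetical).
DEMO_DIR=$(mktemp -d)
CA_ARGS="-config ca.cnf -cert ca.pem -keyfile ca.key"

make_demo_pki() (
  cd "$DEMO_DIR" || exit 1
  # CA key and self-signed certificate; ca.pem is all a verifier has to hold.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo Ham CA" -days 30 2>/dev/null || exit 1
  # Leaf key and signing request for the certificate holder.
  openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=N0CALL" 2>/dev/null || exit 1
  # Minimal CA database so the CA can later revoke and sign CRLs.
  printf '%s\n' '[ca]' 'default_ca = demo' '[demo]' 'database = index.txt' \
    'serial = serial' 'new_certs_dir = .' 'default_md = sha256' \
    'default_days = 30' 'default_crl_days = 7' 'policy = pol' \
    '[pol]' 'commonName = supplied' > ca.cnf
  : > index.txt; echo 01 > serial
  openssl ca -batch $CA_ARGS -in leaf.csr -out leaf.pem 2>/dev/null
)

# CA side: sign a revocation list into file $1 / mark the leaf as revoked.
publish_crl() ( cd "$DEMO_DIR" && openssl ca $CA_ARGS -gencrl -out "$1" 2>/dev/null )
revoke_leaf() ( cd "$DEMO_DIR" && openssl ca $CA_ARGS -revoke leaf.pem 2>/dev/null )

# Verifier side: signature chain check against the local copy of ca.pem only.
verify_offline() {
  openssl verify -CAfile "$DEMO_DIR/ca.pem" "$DEMO_DIR/leaf.pem" >/dev/null 2>&1
}

# Verifier side: same check plus revocation status from a downloaded CRL file $1.
verify_with_crl() {
  openssl verify -crl_check -CAfile "$DEMO_DIR/ca.pem" \
    -CRLfile "$DEMO_DIR/$1" "$DEMO_DIR/leaf.pem" >/dev/null 2>&1
}

make_demo_pki
publish_crl before.crl        # CRL published before the revocation
revoke_leaf
publish_crl after.crl         # CRL published after the revocation

verify_offline && echo "chain valid using only ca.pem (revocation not checked)"
verify_with_crl before.crl && echo "older CRL: certificate not listed"
verify_with_crl after.crl || echo "newer CRL: certificate revoked"
```

The plain chain check still succeeds after the revocation, so a verifier that relies on CRLs has to refresh its copy to notice a revoked certificate.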