On Thu, 17 Apr 2014, lleachii@aol.com wrote:
> I also have an LoTW certificate; but you can't verify a cert unless its CA is online. Last I checked, LoTW's CA wasn't.
That's not true, the CA does not have to be online at the moment of validation. [1]
You just need to hold a copy of the CA's certificate (which contains the certificate's public key). The actual validation is then done with a bit of cryptography - but you don't need to ask the CA for its opinion at that point.
[1] Unless you wish to use OCSP for a real-time check for revocation of a valid certificate, for example, in the case an amateur radio license would have been revoked, or the CA would have accidentally granted a cert to a non-ham. An alternative to this is that the CA can publish a revocation list, which can be downloaded and then used off-line to check for revocation status without asking the CA at the moment of verification.
- Hessu
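
The offline check described in this reply, as an added example that is not part of the original message or of LoTW's software: the verifier holds only the CA's public key and a previously downloaded, CA-signed revocation list. Assumptions: textbook RSA over two Mersenne primes stands in for real X.509 signatures, and the record layout, serial numbers and callsign are constructed.

```python
import hashlib

# Constructed demo CA key (assumption): textbook RSA from two Mersenne primes.
# A real CA uses X.509 certificates with padded signatures; this is illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
_D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent, never given to verifiers

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def ca_sign(data: bytes) -> int:
    """CA side: runs once, at issuance or when a revocation list is published."""
    return pow(_digest(data), _D, N)

def sig_ok(data: bytes, sig: int, ca_pub=(N, E)) -> bool:
    """Verifier side: needs only the public key taken from the CA's certificate."""
    n, e = ca_pub
    return pow(sig, e, n) == _digest(data)

def issue_cert(serial: int, callsign: str) -> dict:
    body = f"serial={serial};callsign={callsign}".encode()
    return {"body": body, "sig": ca_sign(body)}

def publish_crl(revoked_serials) -> dict:
    body = ",".join(str(s) for s in sorted(revoked_serials)).encode()
    return {"body": body, "sig": ca_sign(body)}

def serial_of(cert_body: bytes) -> int:
    # Read the serial from the signed body so it cannot be swapped unnoticed.
    fields = dict(kv.split("=", 1) for kv in cert_body.decode().split(";"))
    return int(fields["serial"])

def verify_offline(cert: dict, crl: dict, ca_pub=(N, E)) -> str:
    """No network access: local CA public key plus a cached revocation list."""
    if not sig_ok(cert["body"], cert["sig"], ca_pub):
        return "bad signature"
    if not sig_ok(crl["body"], crl["sig"], ca_pub):
        return "untrusted CRL"  # a revocation list is only useful if the CA signed it
    revoked = {int(s) for s in crl["body"].decode().split(",") if s}
    return "revoked" if serial_of(cert["body"]) in revoked else "valid"
```

The cached list only reflects revocations up to the time it was downloaded, which is the trade-off against a real-time OCSP query.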