blank.gif (43 bytes)

Church Of The
Swimming Elephant

3.3.6 Validity Period Connected: An Internet Encyclopedia
3.3.6 Validity Period

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1422
Up: 3. Architecture
Up: 3.3 Certificate Definition
Prev: 3.3.5 Issuer Name
Next: 3.3.7 Subject Public Key

3.3.6 Validity Period

3.3.6 Validity Period

A certificate carries a pair of date and time indications, indicating the start and end of the time period over which a certificate is intended to be used. The duration of the interval may be constant for all user certificates issued by a given CA or it might differ based on the nature of the user's affiliation. For example, an organization might issue certificates with shorter intervals to temporary employees versus permanent employees. It is recommended that the UTCT (Coordinated Universal Time) values recorded here specify granularity to no more than the minute, even though finer granularity can be expressed in the format. (Implementors are warned that no DER is defined for UTCT in X.509, thus transformation between local and transfer syntax must be performed carefully, e.g., when computing the hash value for a certificate. For example, a UTCT value which includes explict, zero values for seconds would not produce the same hash value as one in which the seconds were omitted.) It also recommended that all times be expressed as Greenwich Mean Time (Zulu), to simplify comparisons and avoid confusion relating to daylight savings time. Note that UTCT expresses the value of a year modulo 100 (with no indication of century), hence comparisons involving dates in different centuries must be performed with care.

The longer the interval, the greater the likelihood that compromise of a private component or name change will render it invalid and thus require that the certificate be revoked. Once revoked, the certificate must remain on the issuer's CRL (see Section until the validity interval expires. PCAs may impose restrictions on the maximum validity interval that may be elected by CAs operating in their certification domain (see Appendix B).

Next: 3.3.7 Subject Public Key

Connected: An Internet Encyclopedia
3.3.6 Validity Period


Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

Have you gone to church today?
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609