2 Replies Latest reply on Apr 17, 2017 2:06 PM by Tariq Dar

    Signature is not LTV or is it? -> When to use local ocsp cache... multiple documents opened

    raynor999999

      Hi,

       

      (using Adobe Acrobat Reader DC version 2015.023.20070)

       

      I'm doing some tests with digital signatures in a pdf. The signatures are done programmatically with third party libraries.

      There is something that I don't find right in the verification handling of the revocation status of the certificates in the chain.

       

      Test 1: using the OCSP for the primary certificate and the CRLs for the intermediates. Both are embedded in the signature.

      Opened in Adobe Reader, it says ".. is LTV enabled..."

       

      Test 2: using the CRL for the whole certificate chain, and it is embedded in the signature.

      Opened in Adobe Reader, it says ".. is LTV enabled..."

       

      Now the same.. But

      opening the file from test 1 (LTV ok),

      keep open,

      open the file from test 2 (LTV not ok)

       

      I understand this is not a normal use case.

      But it's not ideal that having multiple files open in Adobe influences the LTV status for a document.

       

      (I suppose it says LTV not enabled because it uses the OCSP response in the local cache instead of the CRL that was embedded.)

       

      Just for info. It can be confusing for developers.