3 Replies Latest reply on May 22, 2009 6:19 AM by SForrest96

    Basic Doubts in Digital Signatures ES

    sudha shankar

      1) Revocation Checking: I read that the certifications will be checked (to see whether it has been cancelled) by checking the CRLs list. Where can I find this list?

      2) What is the concept behind Long Term Validity in Digital Signatures ES?

       

      Please help me in understanding Digital Signatures ES.

        • 1. Re: Basic Doubts in Digital Signatures ES
          SForrest96 Level 4

          Revocation Checking: I read that the certifications will be checked (to see whether it has been cancelled) by checking the CRLs list. Where can I find this list?

          ANSWER: The CRL typically resides on a server somewhere, and is accessible with an http URL. The URL is specified within the digital certificate itself. From an Acrobat point of view, when a CRL is accessed during a revocation check, it may be cached on the client side. The cached CRLs are stored at:

          C:\Documents and Settings\enteruserproflehere\Application Data\Adobe\Acrobat\9.0\Security\CRLCache

           

           

          What is the concept behind Long Term Validity in Digital Signatures ES?

          Long Term validation has to do with how signatures are validated many years down the road. When certificates expire (typically the validity period for a certificate is 1 year) the status of the signature can change. It does not mean that the signature is invalid, it just means that based on the current time, the certificate has expired and therefore this is reflected in the signature status. If the signature is validated in the future using "The time at which the signature was created" then it will report a different, Valid status (assuming the document has not been tampered with).

           

          The "time" used to validate signatures is a Preference setting in Acrobat and Reader (Edit > Preferences... > Security > Advanced Preferences... > Verification)

           

          Regards

          Steve

          • 2. Re: Basic Doubts in Digital Signatures ES
            sudha shankar Level 1

            Steve

             

            Thanks for the reply.

             

            For long term validation, I understand that the certification validation preferences are given in each individual's Reader. Does it mean that the certification validation will be different for every user? (Assuming that the preferences are different.)

            • 3. Re: Basic Doubts in Digital Signatures ES
              SForrest96 Level 4

              It is possible that in an uncontrolled environment the preferences in Reader\Acrobat could be set differently between users. However, when Reader\Acrobat are deployed in a controlled way, by an IT department for example, the install can be customized to ensure that the preferences are set consistently among all instances of Reader or Acrobat.

               

              Also, in Reader\Acrobat 9.x, there is a way to load security configuration settings from a server. This config file can be changed and the changes will be reflected in the clients. This update can be set to be performed automatically at predetermined intervals (i.e. every week, every month). If you have version 9.x, you can check this option out under Edit > Preferences > Security > Load security settings from a server.

               

              One last thing, Timestamps can be used as well. The timestamp (which comes from a timestamp server and itself is digitally signed) is embedded in the signature. The verification can also be set to use the timestamp to determine the time that the signature was applied (Edit > Preferences > Security > Advanced Preferences > Verification).

               

              Regards

              Steve

              1 person found this helpful
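
The effect of the verification-time preference discussed in this thread, as an added example that is not part of the original posts and is not Acrobat's own logic: a small model showing how the same signature gets a different status depending on whether the verifier uses the current time, the signing time, or an embedded timestamp. All class, field and status names are hypothetical, the sample signature is constructed, and the "no timestamp means UNKNOWN" rule is an assumption of this model.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from typing import Optional

class TimeSource(Enum):
    # The three time choices described in the thread (names are hypothetical).
    CURRENT_TIME = "current"
    SIGNING_TIME = "signing"   # time the signature was created, per the signer's clock
    TIMESTAMP = "timestamp"    # signed time from a timestamp server

@dataclass
class Signature:
    cert_not_before: datetime
    cert_not_after: datetime
    signing_time: datetime
    timestamp: Optional[datetime]  # None when no timestamp is embedded
    digest_ok: bool                # False if the document changed after signing

def verification_time(sig, source, now):
    if source is TimeSource.CURRENT_TIME:
        return now
    if source is TimeSource.SIGNING_TIME:
        return sig.signing_time
    return sig.timestamp  # may be None

def signature_status(sig, source, now):
    if not sig.digest_ok:
        return "INVALID"  # tampering fails whatever time source is configured
    t = verification_time(sig, source, now)
    if t is None:
        return "UNKNOWN"  # assumption of this model: no fallback time source
    if t < sig.cert_not_before or t > sig.cert_not_after:
        return "CERT_NOT_VALID_AT_TIME"
    return "VALID"

# Constructed sample: one-year certificate, signed and timestamped within it.
SAMPLE = Signature(
    cert_not_before=datetime(2009, 1, 1),
    cert_not_after=datetime(2010, 1, 1),
    signing_time=datetime(2009, 5, 22, 6, 0),
    timestamp=datetime(2009, 5, 22, 6, 1),
    digest_ok=True,
)
LATER = datetime(2015, 5, 22)  # verification years after the certificate expired

def compare_preferences(sig=SAMPLE, now=LATER):
    """Status of one signature under each verification-time preference."""
    return {s.value: signature_status(sig, s, now) for s in TimeSource}

if __name__ == "__main__":
    print(compare_preferences())
```

Two users with different preferences correspond to two different `TimeSource` values here, which is why deploying one consistent setting matters.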