My situation looks like this:
I have to verify a signature on a document. For this I will wait until the next CRL is published, to check that the certificate involved was not revoked. But what if the certificate expires (notAfter from the Validity of the certificate) before the next update of the CRL?
Schematically:
1. CRL publishing
2. Signature creation
3. Certificate expiration (notAfter time of certificate)
4. CRL publishing
Suppose the certificate was revoked between (1) and (4). I think it won't be in CRL (4) because it is not valid any more. But in this type of scenario I cannot validate the signature, or can I?