The document should be improved to cover both of these features and point out the issues associated with them. Does anyone have any better words than "publishing interval" (frequency?) and "cautionary period" (latency?) for these things?
Olle, I agree with you in that, when talking about CRLs, the cautionaryPeriod interval theoretically corresponds to the frequency at which CRLs are supposed to be published. However, in practice many CAs publish a new CRL as soon as they revoke or suspend a new certificate, independently of the refreshment frequency published. On the other hand, when using OCSP, the thisUpdate and nextUpdate interval does not have the meaning of frequency because the usage of such mechanism does not imply publishing responses at periodic intervals of time. Therefore, in the case of OCSP, the interval does not necessarily correspond with the interval set by any CRL. Instead, it can be set/used to give an idea of the precision of the response being provided (which, as we already mentioned, depends on the quality of the connection set between a CA and the OCSP) If the term cautionaryPeriod is confusing maybe we could name it precisionInterval. But in any case, we believe that it is important to introduce such term in the document. Oscar