Profile History/Version support #25

Open
grandamp opened this issue Oct 24, 2017 · 3 comments

@grandamp
Collaborator

Depending on the date of issuance, a sample certificate may conform to a prior version of a certificate profile.

Will older certificates be measured against the current profile, or the profile in effect on the date of issuance?

@djpackham
Contributor

@grandamp

  • FYI, we are developing the certificate profile templates in a way that it will be quick and easy to spin up new profiles as needed.
  • The more I think about it, the more it sounds like a good idea to include the logic to automatically compare the presented certificate against the profile that was in effect on the date of issuance.

@mttcpr
Contributor

mttcpr commented Nov 6, 2017

@djpackham
My understanding is this tool was supposed to be for checking conformance with FPKI profiles so submitted cert samples are more likely to pass review. I'd think automatically comparing a cert to an old version of the policy that no longer applies would be undesirable given that intent. If anything I think this should be a manual selection that always defaults to current.

@grandamp
What I think you're talking about here in combination with #24 is a tool for determining if millions of certs issued a year or more ago conformed at the time they were issued even though they may not now. While I could see that might yield some interesting output, is there a requirement for this kind of audit?

@mttcpr
Contributor

mttcpr commented Nov 21, 2017

I added profile info to the configuration file to facilitate display of profile version/date, possibly for selection UI. Don't plan to move the needle on this more until things are more done.
