> Ssh doesn't expire its keys, and isn't worse for that.

This is the analogue I was looking for. SSH doesn't care about Common Name or other cruft in the cert, either.

I agree that some sort of sanity check is nice, but at the same time I have trouble finding a philosophical or practical reason for doing any sort of validation on first use, and any beyond "same as last time" on subsequent visits.

Yes, Drew says I should. But are there any arguments supporting that position?

Cheers,
ew0k
