On Thu, Nov 26, 2020 at 1:41 PM Michael Lazar <lazar.michael22 at gmail.com> wrote:

> I fully agree that the expiration date is useless in TOFU schemes.
>

However, they make all kinds of sense in client certs. If you see an expired cert coming from a client, it is most likely a replay attack (or a broken client). If the client cert is meant for user identification, you will of course need to provide the hash of the newly created cert to the server administrator.

John Cowan http://vrici.lojban.org/~cowan cowan at ccil.org
How comes city and country to be filled with drones and rogues, our highways with hackers, and all places with sloth and wickedness?
--W. Blith, Eng. Improver Improved, 1652