💾 Archived View for rawtext.club › ~sloum › geminilist › 006192.gmi captured on 2021-11-30 at 19:37:34. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
mbays mbays at sdf.org
Thu Mar 25 22:44:59 GMT 2021
- - - - - - - - - - - - - - - - - - -
Does it make sense to give a self-signed client certificate an expiration date? I think not, and therefore according to RFC5280 section 4.1.2.5, notAfter should be set to 9999-12-31 23:59.=
https://tools.ietf.org/html/rfc5280#section-4.1.2.5
The same goes for self-signed server certificates, but I mention this in the context of client certs because the notAfter time gives a way to fingerprint clients. So it would be good for clients which generate client certs to agree on this.-------------- next part --------------A non-text attachment was scrubbed...Name: signature.ascType: application/pgp-signatureSize: 195 bytesDesc: not availableURL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210325/d864cb62/attachment.sig>