💾 Archived View for rawtext.club › ~sloum › geminilist › 006192.gmi captured on 2023-12-28 at 16:23:11. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

[tech] client certificate expiry

mbays mbays at sdf.org

Thu Mar 25 22:44:59 GMT 2021

- - - - - - - - - - - - - - - - - - - 

Does it make sense to give a self-signed client certificate an expiration date? I think not, and therefore according to RFC5280 section 4.1.2.5, notAfter should be set to 9999-12-31 23:59.=

https://tools.ietf.org/html/rfc5280#section-4.1.2.5

The same goes for self-signed server certificates, but I mention this in the context of client certs because the notAfter time gives a way to fingerprint clients. So it would be good for clients which generate client certs to agree on this.-------------- next part --------------A non-text attachment was scrubbed...Name: signature.ascType: application/pgp-signatureSize: 195 bytesDesc: not availableURL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210325/d864cb62/attachment.sig>