💾 Archived View for rawtext.club › ~sloum › geminilist › 006212.gmi captured on 2024-02-05 at 11:02:22. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

[tech] client certificate expiry

Stephane Bortzmeyer stephane at sources.org

Sat Mar 27 09:23:22 GMT 2021

- - - - - - - - - - - - - - - - - - - 

On Fri, Mar 26, 2021 at 07:54:48PM +0100, mbays <mbays at sdf.org> wrote a message of 43 lines which said:

Under what circumstances would it make sense to set an expiration
date? What does it indicate? RFC5280 says "The certificate validity
period is the time interval during which the CA warrants that it
will maintain information about the status of the
certificate.". With a self-signed certificate there's no CA, so this
seems to be meaningless.

Without an expiration date, any compromission of the private key lastsforever. Expiration dates are also here to prevent the thief fromusing the certficate infinitely.