On Fri, Jun 24, 2016 at 2:30 PM, Ron Garret <r...@flownet.com> wrote:
> What matters is not the certificate. The certificate is public. You can’t
> “steal” a certificate.
>
> What you *can* steal is the private key associated with a certificate, and
> the more time goes by the more likely it becomes that someone has done so.
>
> However, the expiration date is completely arbitrary. There’s nothing magic
> that happens on the expiration date that makes a cert significantly less
> secure the day after it expires than it was the day before

In principle, I think it does. The CA's responsibility (warranty) ends when the certificate expires. Once the certificate is expired it will not be added to a CRL, so it could not be revoked. In fact, if it was revoked, then it will be removed from the CRL.

Whether that system works in practice is a colorful subject that Dr. Gutmann does a great job of poking fun at in his book Engineering Security (http://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf).

Jeff
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography