David Schwartz wrote:
If you can't trust the system that generates and stores your private key, you're screwed anyway. So I don't see that this argument has any validity.
A timestamp is not an attribute of a private key. It's utterly irrelevant. If your purpose is to require that new certificates bound to an entity upon expiration of old certs have a different key, do that. Multiplying your misunderstanding by zero does not improve matters, even for large values of zero. - M ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]