David Schwartz wrote:
You have to have absolute trust in any entity that will generate or store your private key. Thus you can trust any information in it -- anyone who could put in bogus information could give away your key to strangers. (By absolute trust, I mean with respect to anything you would use that private key for.)
Pick a keypair, any keypair. It has existed in a mathematical sense since mathematics has existed, or longer, if you're a mathematical idealist. What do you have in mind? I give them all a creation date of 0. NotValidBefore and NotValidAfter are perfectly fine concepts that do not violate the laws of modularity, and are where they belong. These come from the signing authority's policy, which also may preclude key reuse after expiry (you can't sign with the private key after expiration, but verification of any messages signed in the validity window succeeds).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org