David Schwartz wrote: > ... An attacker can start trying to break your key as soon he has your public key.
Issuance date of the cert suffices. It's still not an attribute of the private key. In any case, you may of course need to validate an old signature, and the mechanics for that have been elaborated here. You don't need to perform the validation during the period defined by the cert, you have that absolutely wrong. A signature with a timestamp outside the valid dates of the cert is invalid, but you may have a need to validate signatures long after a cert expires. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]