On 09/13/2017 09:31 AM, Michael Richardson wrote:
Robert Moskowitz wrote:
> The devices never test out the lifetime of their certs. That is up to
Exactly...
(Do you think about the MacGyver/StarTrek/A-Team/Leverage/MissionImpossible
plot line that goes along with
> On 13 Sept. 2017 at 17:08, Michael Wojcik wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Michael Richardson
>> Sent: Wednesday, September 13, 2017 09:32
>>
>> I suspect that the value: literal value
On 09/13/2017 09:39 AM, Salz, Rich via openssl-users wrote:
An X509v3 certificate has “notBefore” and “notAfter” fields. If either of
those is not present, then it is not an X509v3 certificate. The time marked by
those fields is the validity period.
If you want “never expires” X509v3
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Michael Richardson
> Sent: Wednesday, September 13, 2017 09:32
>
> I suspect that the value: literal value 1231235959Z will simply come to
> mean "the end of time", even after the year 10,000. It has a well known
An X509v3 certificate has “notBefore” and “notAfter” fields. If either of
those is not present, then it is not an X509v3 certificate. The time marked by
those fields is the validity period.
If you want “never expires” X509v3 certificates, the best you can do is put a
very large value in the
Robert Moskowitz wrote:
> The devices never test out the lifetime of their certs. That is up to
Exactly...
(Do you think about the MacGyver/StarTrek/A-Team/Leverage/MissionImpossible
plot line that goes along with each engineering decision?...)
> validating
Hello!
Thanks for the response.
I was thinking of setting the duration of the certificate to infinite,
i.e. the Validity period set to infinite.
Because in the information I have, the only possibility is to set the duration
(in days) with the command, but the command doesn't allow to put
The devices never test out the lifetime of their certs. That is up to
the validating servers. And the iDevID is not really intended for
operational use. Rather it is the security bootstrap for the lDevID.
See the work being done in the ANIMA workgroup as an example of what to
do with this.
This is an interesting statement.
>> should use the GeneralizedTime value 1231235959Z (10) in the notAfter field ...
>> Solutions verifying a DevID are expected to accept this value indefinitely
Isn't using that large a time value in certificates problematic? Not all
systems can handle it
IEEE 802.1ARce (latest draft addendum) specifies:
8.7 validity
The time period over which the DevID issuer expects the device to be used.
All times are stated in the Universal Coordinated Time (UTC) time zone.
Times up to and including
23:59:59 December 31, 2049 UTC are encoded as UTCTime as
Depends on the question
'Infinite' duration is used in IEEE 802.1AR Device Identities. The
concept is the vendor installs the certificate in read-only memory. It
is expected to be good for the life of the device.
On 09/11/2017 05:32 AM, Alejandro Pulido wrote:
Dear team of OpenSSL,
First of all, congratulations for your invaluable work!
I have a question regarding the issue of certificates X.509 with infinite
duration and I don't know where to submit it.
Please, could you help me?
Thank you very much and kind regards
Alejandro J Pulido Duque
--