subject:"\[openssl\-users\] Doubt regarding O\-SSL and setting the duration of certificates"

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Robert Moskowitz

On 09/13/2017 09:31 AM, Michael Richardson wrote: Robert Moskowitz wrote: > The devices never test out the lifetime of their certs. That is up to Exactly... (Do you think about the MacGyver/StarTrek/A-Team/Leverage/MissionImpossible plot line that goes along with

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Erwann Abalea via openssl-users

> Le 13 sept. 2017 à 17:08, Michael Wojcik a > écrit : > >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf >> Of Michael Richardson >> Sent: Wednesday, September 13, 2017 09:32 >> >> I suspect that the value: literal value

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Robert Moskowitz

On 09/13/2017 09:39 AM, Salz, Rich via openssl-users wrote: An X509v3 certificate has “notBefore” and “notAfter” fields. If either of those is not present, then it is not an X509v3 certificate. The time marked by those fields is the validity period. If you want “never expires” X509v3

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Michael Wojcik

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Michael Richardson > Sent: Wednesday, September 13, 2017 09:32 > > I suspect that the value: literal value 1231235959Z will simply come to > mean "the end of time", even after the year 10,000. It has a well known

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Salz, Rich via openssl-users

An X509v3 certificate has “notBefore” and “notAfter” fields. If either of those is not present, then it is not an X509v3 certificate. The time marked by those fields is the validity period. If you want “never expires” X509v3 certificates, the best you can do it put a very large value in the

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Michael Richardson

Robert Moskowitz wrote: > The devices never test out the lifetime of their certs. That is up to Exactly... (Do you think about the MacGyver/StarTrek/A-Team/Leverage/MissionImpossible plot line that goes along with each engineering decision?...) > validating

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Alejandro Pulido

Hello! Thanks for the response. I was thinking of setting the duration fo the certificate to infinite, i.e. the Validity period set to infinite. Because in the information I have, the only possibility is to set the duration (in days) with the command, but the command doesn't allow to put

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Robert Moskowitz

The devices never test out the lifetime of their certs. That is up to the validating servers. And the iDevID is not really intended for operational use. Rather it is the security bootstrap for the lDevID. See the work being done in the ANIMA workgroup as an example of what to do with this.

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Frank Migge

This is an interesting statement. >> should use the GeneralizedTime value 1231235959Z (10) in the notAfter field ... >> Solutions verifying a DevID are expected to accept this value indefinitely Isn't using that large a time value in certificates problematic? Not all systems can handle it

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Robert Moskowitz

IEEE 802.1ARce (latest draft addendum) specifies: 8.7 validity The time period over which the DevID issuer expects the device to be used. All times are stated in the Universal Coordinated Time (UTC) time zone. Times up to and including 23:59:59 December 31, 2049 UTC are encoded as UTCTime as

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Robert Moskowitz

Depends on the question 'Infinite' duration is used in IEEE 802.1AR Device Identities. The concept is the vendor installs the certificate in read-only memory. It is expected to be good for the life of the device. On 09/11/2017 05:32 AM, Alejandro Pulido wrote: Dear team of OpenSSL,

[openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Alejandro Pulido

Dear team of OpenSSL, First of all, congratulations for your invaluable work! I have a question regarding the issue of certificates X.509 with infinite duration and I don't know where to submit it. Please, could you help me? Thank you very much and kind regards Alejandro J Pulido Duque --

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

[openssl-users] Doubt regarding O-SSL and setting the duration of certificates

12 matches

Site Navigation

Mail list logo

Footer information