On Tue, 2015-02-10 at 22:04 +0000, Edgar Olougouna wrote:
> Andrew,
> I will take a look and follow-up.
> Considering that NotBefore/NotAfter properties specify the date range
> within which the certificate is valid, are you asking whether this is
> any renewal upon/after expiry?

Yes.

> I need to look at how the certificate is generated at the first place,
> perhaps the protocol has some error condition that would trigger
> refreshing the certificate, unless this is outside the protocol I will
> find out.
> I am trying to get a good scope of what you mean by "roll over keys".

So, the above, and for the symmetric keys the general principle in cryptography that you try not to use the same key forever, because it could be broken, and that would expose everything.

The protocol clearly has scope for the preferred key to change (decrypt old data with old keys, but encrypt new data with a new day), but as described, it never would.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
