Crazy idea here, but the fact that notAfter is a mandatory field in X.509 is a major headache in some cases. RFC 5280 defines the special value
To indicate that a certificate has no well-defined expiration date, the notAfter SHOULD be assigned the GeneralizedTime value of 99991231235959Z. But in practice, this is not widely supported or even well-known enough to be universally usable. Idea: could notAfter be made optional in C509? When transcoding to X.509 I suppose you would have to replace an absent notAfter with the GeneralizedTime value of 99991231235959Z. The same could maybe be considered for notBefore. - Mike Ounsworth Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
