On Mon, Dec 20, 2010 at 10:46:30AM -0800, travis+ml-rbcryptogra...@subspacefield.org wrote:
> libnss, at least on Linux, checks that the signing cert (chain) is valid
> at the time of signature - as opposed to present time. (It may check
> present time as well - not sure on that).
>
> This makes for problems if you renew the cert, since the new cert will
> have a creation date of the current time, after the object was signed.

By the way, is there anything "wrong" about reissuing a cert with the same
serial and key but a new timestamp (date range)?
--
http://www.subspacefield.org/~travis/ | "His secure handshake is so strong,
you won't be able to exchange keying material with anyone else for a week"
If you are a spammer, please email j...@subspacefield.org to get blacklisted.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
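
The validity-at-signing-time check described in the quoted text, as an added example that is not part of the original message and is not NSS code. The `Cert` class, the serial, key id and all dates are constructed for illustration; the renewed certificate reuses the serial and key with only a new date range, as in the question above.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in holding only the X.509 fields relevant here."""
    serial: int
    key_id: str
    not_before: datetime
    not_after: datetime

def window_error(cert, when, label):
    """Return a reason string if `when` is outside the validity period, else None."""
    if when < cert.not_before:
        return f"serial {cert.serial}: not yet valid at {label}"
    if when > cert.not_after:
        return f"serial {cert.serial}: expired at {label}"
    return None

def check_chain(chain, signed_at, now=None):
    """Check every cert in the chain at signing time, and at `now` if given."""
    errors = []
    for cert in chain:
        for when, label in ((signed_at, "signing time"), (now, "present time")):
            if when is not None:
                err = window_error(cert, when, label)
                if err:
                    errors.append(err)
    return errors

def day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data: same serial and key, only the date range differs.
OLD = Cert(0x1001, "key-A", day(2009, 12, 20), day(2010, 12, 20))
RENEWED = Cert(0x1001, "key-A", day(2010, 12, 21), day(2011, 12, 21))
SIGNED_AT = day(2010, 6, 1)   # object signed while OLD was current
NOW = day(2010, 12, 22)       # verification happens after renewal

if __name__ == "__main__":
    for name, cert in (("old", OLD), ("renewed", RENEWED)):
        print(name, "signing-time only:", check_chain([cert], SIGNED_AT) or "ok")
        print(name, "signing + present:", check_chain([cert], SIGNED_AT, NOW) or "ok")
```

With these dates, a verifier that checks only signing time accepts the old certificate and rejects the renewed one, and a verifier that checks both times accepts neither for the old signature.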