Ron Garret writes:

> The whole idea of an expiration date (rather than an issue date)
> on a certificate is a sort of a scam by the CAs to coerce people
> into renewing (and hence paying for) their certificates on a regular
> schedule. I think some CAs don’t even enforce the use of a new key
> when a cert is renewed, which defeats the whole purpose.
Certificate expiry is useful if there isn't a way to check whether a certificate has been revoked, or if some relying parties don't check in practice, or if the revocation channel is unreliable.

It's also useful if certificate issuers think information in a certificate may become inaccurate over time, but can't or don't continually check whether the information has gone stale.

It's also useful, as you mentioned, if there's an ongoing risk of an undiscovered private key compromise over time. In that case the private key should be changed periodically.

Finally, certificate issuees rarely actively revoke certificates when they're no longer relevant. If certificates didn't expire, there would be an enormous pool of obsolete and disused certificates that were still valid and could still potentially have their private key out there somewhere (maybe in a backup or on a decommissioned server). This also has operational consequences for CAs both in terms of OCSP and CRLs: if the CA couldn't rely on expiry, it would have to keep signing all unrevoked certificates for OCSP freshness and keep including all revoked certificates in the CRL; both the lists of revoked and unrevoked certificates could grow without bound, taxing CA resources and the resources of CRL users. For example, VeriSign might still have an ongoing requirement to publish fresh data about certificates from 1995.

-- 
Seth Schoen <[email protected]>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109       +1 415 436 9333 x107
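An added illustration of the last point in the message above (this is example code, not part of the original post): a small model of a CA's CRL and OCSP workload over constructed issuance data, comparing a fixed validity period with certificates that never expire. The issuance rate, revocation rate and lifetime are assumed values chosen only to make the growth visible.

```python
from typing import List, Optional, Tuple


class Cert:
    """One issued certificate; years are simulated integers (constructed data)."""

    def __init__(self, serial: int, issued: int, lifetime: Optional[int],
                 revoked: Optional[int] = None) -> None:
        self.serial = serial
        self.issued = issued        # year of issuance
        self.lifetime = lifetime    # validity in years; None models "never expires"
        self.revoked = revoked      # year of revocation, or None

    def expired(self, year: int) -> bool:
        return self.lifetime is not None and year >= self.issued + self.lifetime

    def is_revoked(self, year: int) -> bool:
        return self.revoked is not None and self.revoked <= year


def ca_workload(certs: List[Cert], year: int) -> Tuple[int, int]:
    """Return (crl_entries, ocsp_statuses) the CA must maintain in `year`.

    A revoked certificate drops out of the CRL once it has expired (RFC 5280
    lets a CA do this), and only unexpired, unrevoked certificates need fresh
    'good' OCSP responses. Without expiry, neither set ever shrinks.
    """
    crl = [c for c in certs if c.is_revoked(year) and not c.expired(year)]
    ocsp = [c for c in certs if not c.expired(year) and not c.is_revoked(year)]
    return len(crl), len(ocsp)


def simulate(years: int, per_year: int, lifetime: Optional[int],
             revoke_every: int) -> Tuple[int, int]:
    """Issue `per_year` certs each year for `years` years, revoking every
    `revoke_every`-th serial in its issuance year; report the CA's workload
    in the final simulated year."""
    certs: List[Cert] = []
    serial = 0
    for year in range(years):
        for _ in range(per_year):
            serial += 1
            revoked = year if serial % revoke_every == 0 else None
            certs.append(Cert(serial, year, lifetime, revoked))
    return ca_workload(certs, years - 1)


if __name__ == "__main__":
    print("2-year certs, 20 years of issuance:", simulate(20, 100, 2, 10))
    print("non-expiring certs, 20 years:      ", simulate(20, 100, None, 10))
```

With a two-year lifetime the CA's working set stays at two cohorts regardless of how many years it has been issuing; with non-expiring certificates both the CRL and the OCSP population grow linearly with the CA's age.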
