> > Does that imply that a CA that signs a cert that is supposed to be > valid for 2yrs using an intermediate cert that is valid for 20 months > essentially makes a cert for 20 months only because for the remaining > 4 months the cert will be invalid?
I'd say yes, as much as a revoked trusted certificate makes all issued certificates instantly invalid. Your case looks sort of corner, but I believe the same verification rule should apply. A wise CA would refresh their certificate before such a race condition occurs. Alfredo _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
