On 1/5/22 2:17 PM, Charles Mills wrote:
Here is the problem with that logic. If there is a problem with the integrity of a certificate the CA will revoke it.
N.B. Revocation and Expiration are two different mechanism that indicate two very different things.
IMHO this is /especially/ true if the expiration is on the order of single or double digit hours ago.
If the data is important enough to encrypt and to validate the server connection, it is important enough to not ignore expired certificates.
IMHO there is a big difference in "ignoring" an expired certificate and "making an informed decision" possibly after contacting the company and them saying "yes, we're working on renewing it, and hope to have it fixed by this afternoon".
-- Grant. . . . unix || die ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
