A paragraph in netscape's documentation says
(http://developer.netscape.com:80/docs/manuals/cms/41/adm_gide/app_sign.htm):
:Question:
:Objects to be signed will be stored and used long-term, well after the
:certificates used for signing have expired. Will signed objects still
:be trusted even after their object-signing certificates have expired?
:
:Answer:
:Although certificates expire, valid signatures do not. Signature
:validation is based on the date of the signature rather than
:the time verification occurs. If a certificate chain was valid at
:signing, Communicator will continue to recognize that signature even
:after certificates in that chain expire. Note that this would not be
:true, however, if an object was signed using the -z option which omits
:the original timestamp and forces validation to rely on the current
:status of the certificate chain.
Does this mean that i can put a signed and 'jar'ed applet on a cd-rom
and it works in ie5 and ns4.x/mozilla *with* Sun's Java Plugin 1.3
eternally?
Any contribution greatly appreciated.
bernd
