I think another choice could be to provide the means to specify the
"current" time as an argument in the command line.
Claudio Campetto.
> -----Messaggio originale-----
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Inviato: giovedì 31 agosto 2000 6.46
> A: [EMAIL PROTECTED]
> Oggetto: Suggestion: smime -noexpire
>
>
>
> One thing that hits smime in a way that it doesn't hit openssl's other
> uses (SSL net services) is that you may want to verify an smime message
> long after the SSL cert has expired. IMHO it is not, strictly speaking,
> the same thing to say that a cert is expired and can't be used to generate
> _new_ messages as opposed to a cert being expired and suddenly is useless
> to validate any messages that it ever signed.
>
> With this in mind, I would propose one of 3 things:
>
> 1. smime should not disuse expired certs. This is probably the least
> palatable option.
>
> 2. smime should have a way to check the date field of an incoming message
> and use _that_ to check for expiration. This sounds to me like the best
> solution.
>
> 3. smime should have a -noexpire flag to disable bombing out expired
> certs.
>
> Just a thought.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
