Hi, On Fri, Feb 24, 2023 at 10:58:06AM +0100, Bo Berglund wrote: > And why is there an expiration of the crl file to begin with?
I explained that, but that mail seems to have been lost - it's because
the assumption of the security folks (outside OpenVPN control) is that
*if* you have a CRL, you want that CRL to be up-to-date at all times.
The assumption is "if something in the CRL producing process fails, and
no new CRL can be generated, better assume that everything should be
disallowed than let someone unauthorized in".
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
