On Nov 9, 2012, at 10:46 AM, Dean Willis wrote:

> AD asks:
>
> section 7.4.2.2: If the signer's cert has expired, is a signature on a stored
> value still considered valid or not? One issue is that if any
> revocation/status checking is supported then there may not be any such
> information available for expired certs. Another issue is that if you do
> consider signatures only verifiable with non-expired certs, then a lot can go
> wrong when a cert expires and it's hard to fix that up. I don't have a good
> solution to offer, but maybe you have an answer?
>
> In the current doc, 7.1 says:
>    When signatures are verified, the current time MUST
>    be compared to the certificate validity period. However, it is
>    permitted to have a value signed which expires after a certificate's
>    validity period (though this will likely cause verification failure
>    at some future time.)
>
> I understand that some implementations flush any object for which the signing
> certificate has expired; that is, the upper TTL for an object is the
> remaining validity period for the signing certificate. This could be enforced
> on insertion, or by audit/cleanup processes.
>
> How do we want to handle it?
>
>
I met today with Cullen and EKR on this one. We agree that we need to clarify in 7.4.2.2 that a signature from an expired cert is not valid, and that implementations may garbage-collect data signed by expired certs at their discretion. We can add a back-reference to the validity testing section in 7.1

--
Dean

_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
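The three enforcement points discussed in this thread (validity check at verification time, TTL cap on insertion, and audit/cleanup), as an added Python example that is not part of the original message or of any RELOAD implementation. `SignerCert`, `StoredValue` and all function names are hypothetical, the cryptographic signature check is assumed to happen elsewhere, and the dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class SignerCert:      # hypothetical stand-in for a parsed certificate
    not_before: datetime
    not_after: datetime

@dataclass
class StoredValue:     # hypothetical record, not a RELOAD wire structure
    key: str
    signer: SignerCert
    stored_at: datetime
    lifetime: timedelta

    @property
    def expires_at(self):
        return self.stored_at + self.lifetime

def cert_valid_at(cert, now):
    # 7.1: compare the current time to the certificate validity period
    return cert.not_before <= now <= cert.not_after

def signature_acceptable(value, now, crypto_ok=True):
    # crypto_ok: result of the cryptographic check, assumed done elsewhere
    return crypto_ok and cert_valid_at(value.signer, now)

def clamp_on_insert(value, now):
    # Enforcement on insertion: refuse expired signers, cap TTL at cert expiry
    if not cert_valid_at(value.signer, now):
        raise ValueError("signer certificate not valid at insertion time")
    value.lifetime = min(value.lifetime, value.signer.not_after - value.stored_at)
    return value

def sweep(store, now):
    # Audit/cleanup: keep only live values whose signer cert is still valid
    kept = [v for v in store if v.expires_at > now and cert_valid_at(v.signer, now)]
    return kept, len(store) - len(kept)

# Constructed sample data: one cert expiring in 10 days, one in a year
T0 = datetime(2012, 11, 9, tzinfo=timezone.utc)
DAY = timedelta(days=1)
SHORT = SignerCert(T0 - 30 * DAY, T0 + 10 * DAY)
LONG = SignerCert(T0 - 30 * DAY, T0 + 365 * DAY)

def demo():
    unclamped = StoredValue("a", SHORT, T0, 30 * DAY)   # TTL outlives its cert
    clamped = clamp_on_insert(StoredValue("a", SHORT, T0, 30 * DAY), T0)
    other = clamp_on_insert(StoredValue("b", LONG, T0, 30 * DAY), T0)
    later = T0 + 11 * DAY                               # SHORT has expired
    return clamped.lifetime, signature_acceptable(unclamped, later), sweep([unclamped, other], later)
```

The unclamped value shows the case 7.1 permits: its own lifetime has not run out at day 11, yet verification fails and the sweep removes it because the signing certificate has expired.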
