The devices never test out the lifetime of their certs. That is up to
the validating servers. And the iDevID is not really intended for
operational use. Rather it is the security bootstrap for the lDevID.
See the work being done in the ANIMA workgroup as an example of what to
do with this.
This is an interesting statement.
>> should use the GeneralizedTime value 1231235959Z (10) in the
notAfter field ...
>> Solutions verifying a DevID are expected to accept this value
indefinitely
Isn't using that large a time value in certificates problematic? Not all
systems can handle it
On Tue, Sep 12, 2017, Mat??j Cepl wrote:
> Hi,
>
> I am working on porting M2Crypto to OpenSSL 1.1.* API (in branch
> https://gitlab.com/mcepl/m2crypto/commits/openssl-1.1.0 ) and I
> got lost in STACK_OF structures.
>
> Simplified function I have troubles with is (the real stuff with
> all
Hi,
I am working on porting M2Crypto to OpenSSL 1.1.* API (in branch
https://gitlab.com/mcepl/m2crypto/commits/openssl-1.1.0 ) and I
got lost in STACK_OF structures.
Simplified function I have troubles with is (the real stuff with
all Python2/Python3 shims is https://is.gd/Nbq3Qp ; the similar
IEEE 802.1ARce (latest draft addendum) specifies:
8.7 validity
The time period over which the DevID issuer expects the device to be used.
All times are stated in the Universal Coordinated Time (UTC) time zone.
Times up to and including
23:59:59 December 31, 2049 UTC are encoded as UTCTime as
Depends on the question
'Infinite' duration is used in IEEE 802.1AR Device Identities. The
concept is the vendor installs the certificate in read-only memory. It
is expected to be good for the life of the device.
On 09/11/2017 05:32 AM, Alejandro Pulido wrote:
Dear team of OpenSSL,
Dear team of OpenSSL,
First of all, congratulations for your invaluable work!
I have a question regarding the issue of certificates X.509 with infinite
duration and I don't know where to submit it.
Please, could you help me?
Thank you very much and kind regards
Alejandro J Pulido Duque
--
On 12/09/2017 15:56, Robert Moskowitz wrote:
On 09/12/2017 09:38 AM, Robert Moskowitz wrote:
On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote:
On Mon, Sep 11, 2017, Robert Moskowitz wrote:
I would actually really like to have a SIMPLE OCSP responder. But
so far have not found one.
On 09/12/2017 09:38 AM, Robert Moskowitz wrote:
On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote:
On Mon, Sep 11, 2017, Robert Moskowitz wrote:
I would actually really like to have a SIMPLE OCSP responder. But
so far have not found one. freeIPA has one buried within it, but
that is too
On 09/12/2017 09:09 AM, Dr. Stephen Henson wrote:
On Mon, Sep 11, 2017, Robert Moskowitz wrote:
I would actually really like to have a SIMPLE OCSP responder. But
so far have not found one. freeIPA has one buried within it, but
that is too disruptive to install unless you buy into freeIPA.
On Mon, Sep 11, 2017, Robert Moskowitz wrote:
>
> I would actually really like to have a SIMPLE OCSP responder. But
> so far have not found one. freeIPA has one buried within it, but
> that is too disruptive to install unless you buy into freeIPA.
>
Well the OpenSSL ocsp respoder isn't much
11 matches
Mail list logo