Zitat von Christine Karman <[email protected]>:
On 05/09/2011 10:53 AM, [email protected] wrote:today i discovered that if a mail is signed by i expired certificate the certificate is still fetched and added to the Djigzo store. Is this useful in any case or wouldn't it be better to ignore expired certificates?Does it harm to store them? If you store a cert that expires one day later, you also have an expired cert. If someone decides to sign their messages with an expired cert, there may be a reason for that. I generally don't mind expired certs. I think Djigzo shouldn't thow away certs with which messages have been signed.
Djigzo does apply PKI rules, so it obeys expiring dates. With this expired certificates are somewhat useless. One might argue that it doesn't hurt (much) to store it today, but i disklike systems collecting garbage because it might be useful somehow in the future. If someone decide to use expired certificates, all mailclients used today will show all sorts of errors, so it is discouraged anyway.
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
