Hi! I am working on a project where we issue short-term client TLS certs, with a lifespan of just a few days.

I realized that in some protocols, like SIP, MQTT, XMPP, we have quite long-lived client connections over connection-oriented protocols. During those connections, a cert may expire. I have looked, but found no advice, on how to handle that situation. If a SIP client authenticates with a client cert that is valid for 42 hours more, opens a connection that stays open for a long time, several lifespans…

Another situation is that the client cert is valid, but another cert in the trust chain expires. The intermediate cert or the server cert may expire during the connection lifetime, as an example.

What should the server and client do here? I imagine the connection should be closed when one of the certs in the mutual chain of trust expires.

Do we have any document that describes this situation?

Regards,
/Olle

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
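One way to implement the policy the message imagines (close a connection once any cert in either chain has expired), as an added example that is not part of the original message. The chains are constructed sample data using the `notAfter` string format of Python's `SSLSocket.getpeercert()`; `chain_deadline`, `ExpiryReaper` and all names and dates are hypothetical.

```python
import heapq
import ssl

# Constructed sample chains (not real certificates).
ISSUING_CA = {"subject": "Example Issuing CA", "notAfter": "Jan 10 00:00:00 2030 GMT"}
SERVER_CHAIN = [{"subject": "sip.example.test", "notAfter": "Mar  1 00:00:00 2031 GMT"}, ISSUING_CA]
CLIENT_A = [{"subject": "client-a", "notAfter": "Jan  3 18:00:00 2030 GMT"}, ISSUING_CA]
CLIENT_B = [{"subject": "client-b", "notAfter": "Jan 12 00:00:00 2030 GMT"}, ISSUING_CA]


def chain_deadline(chain):
    """Return (epoch_seconds, subject) for the cert in `chain` that expires first."""
    return min((ssl.cert_time_to_seconds(c["notAfter"]), c["subject"]) for c in chain)


class ExpiryReaper:
    """Tracks open connections by the earliest notAfter across both chains."""

    def __init__(self):
        self._heap = []  # entries: (deadline, conn_id, subject of the expiring cert)

    def register(self, conn_id, client_chain, server_chain):
        # A mutually authenticated connection outlives no cert on either side,
        # so its deadline is the minimum over the client and server chains.
        deadline, subject = min(chain_deadline(client_chain), chain_deadline(server_chain))
        heapq.heappush(self._heap, (deadline, conn_id, subject))
        return deadline

    def due(self, now):
        """Pop and return (conn_id, expiring_subject) for every deadline <= now."""
        out = []
        while self._heap and self._heap[0][0] <= now:
            _, conn_id, subject = heapq.heappop(self._heap)
            out.append((conn_id, subject))
        return out


if __name__ == "__main__":
    reaper = ExpiryReaper()
    reaper.register("conn-a", CLIENT_A, SERVER_CHAIN)
    reaper.register("conn-b", CLIENT_B, SERVER_CHAIN)
    # conn-b's leaf is valid until Jan 12, but the intermediate expires on Jan 10.
    for conn_id, subject in reaper.due(ssl.cert_time_to_seconds("Jan 11 00:00:00 2030 GMT")):
        print(f"close {conn_id}: certificate '{subject}' has expired")
```

A server would call `due()` from its event loop or a timer and close, or force re-authentication on, each returned connection.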
