[cabfpub] FW: Short lived OCSP signing certificate
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Thu Sep 20 08:36:50 UTC 2012
On 09/20/2012 11:26 AM, From Rob Stradling:
> Or, does the current treatment of expired long-lived certificates need
> to change? During a long-lived certificate's lifetime, many browsers
> will notice if it gets revoked. But as soon as that revoked
> certificate expires, those same browsers will presumably start
> treating that certificate no differently than they would treat an
> expired certificate that was never revoked.
Some browsers will check certificate status nevertheless. But certainly
certificates that expired shouldn't be relied upon.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120920/268b400c/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4506 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120920/268b400c/attachment-0002.p7s>
More information about the Public
mailing list