* Paul Koning wrote:
It seems to me the logical thing to do is very easy to describe: expired or revoked certs are treated as if they were nonexistent.
But certificates of expired keys are still valid.