"Lutz" == Lutz Donnerhacke <lutz(_at_)iks-jena(_dot_)de> writes:
Lutz> * Paul Koning wrote:
It seems to me the logical thing to do is very easy to describe:
expired or revoked certs are treated as if they were nonexistent.
Lutz> But certificates of expired keys are still valid.
For verifying old stuff, yes. Not for new stuff. So my simple
description was too simplistic. I would apply it to things expired or
revoked as of the creation date of whatever I want to verify.
paul
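
The rule from the reply above (a certificate is ignored only if it was already expired or revoked at the creation date of the thing being verified), as an added example that is not part of the original thread. The `Cert` record, its field names and the sample dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Cert:
    """Hypothetical certification record (not an OpenPGP packet parser)."""
    issuer: str
    created: datetime
    expires: Optional[datetime] = None  # None: no expiration
    revoked: Optional[datetime] = None  # None: never revoked


def usable_at(cert: Cert, when: datetime) -> bool:
    """True if the cert existed and was not yet expired or revoked at `when`."""
    if when < cert.created:
        return False
    if cert.expires is not None and when >= cert.expires:
        return False
    if cert.revoked is not None and when >= cert.revoked:
        return False
    return True


def issuers_for(certs: List[Cert], object_created: datetime) -> List[str]:
    """Issuers whose certs count when verifying an object created at that time."""
    return [c.issuer for c in certs if usable_at(c, object_created)]


# Constructed sample data.
SAMPLE_CERTS = [
    Cert("alice", utc(2000, 1, 1), expires=utc(2002, 1, 1)),
    Cert("bob", utc(2000, 1, 1), revoked=utc(2001, 3, 1)),
    Cert("carol", utc(2002, 6, 1)),
]

if __name__ == "__main__":
    for label, t in [("old", utc(2001, 6, 1)), ("new", utc(2003, 6, 1))]:
        print(label, t.date(), issuers_for(SAMPLE_CERTS, t))
```

The creation date is whatever the signed object claims, so the result is only as trustworthy as that timestamp.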