Re: https

On Fri, Aug 26, 2011 at 1:13 PM, Hector Santos 
<hsantos(_at_)santronics(_dot_)com> wrote:

Makes you wonder. Why is the concept of expiration required?  Did the IETF
expire, die?  Did its value as an Organization go down and only valid on a
year to year basis?


As I understand it, expiration is supposed to solve the problem of
someone getting their hands on your old certificates and impersonating
you. In order to impersonate you, not only do they have to get into
your system, they have to have done it in the last year or so.

It also keeps certificates for domains from outliving domain
registrations for too long. If you don't have the domain when you go
to renew the certificate, the CA shouldn't renew it.

I guess it also keeps revocation lists short. You only have to
remember that a certain certificate was compromised until it expires,
instead of forever.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread]	Current Thread	[Next in Thread>
Re: https, (continued) Re: https, John C Klensin Re: https, ned+ietf Re: https, Adam Novak Re: https, ned+ietf Re: https, Adam Novak Re: https, Keith Moore Re: https, Melinda Shore Re: https, Eric Burger Re: https, John C Klensin Re: https, Hector Santos Re: https, Adam Novak <= Re: https, Hector Santos Re: https, t.petch Re: https, Glen Zorn Re: https, t.petch Re: https, t.petch Re: https, Glen Zorn Re: https, ned+ietf Re: https, Dave CROCKER Re: https, Melinda Shore Re: https, Tim Bray

Previous by Date:	Re: Routing at the Edges of the Internet, Keith Moore
Next by Date:	Re: https, ned+ietf
Previous by Thread:	Re: https, Hector Santos
Next by Thread:	Re: https, Hector Santos
Indexes:	[Date] [Thread] [Top] [All Lists]