[CentOS] https and self signed
Walter H.
walter.h at mathemainzel.info
Tue Jun 21 06:50:12 UTC 2016
On Mon, June 20, 2016 19:16, Gordon Messmer wrote:
> On 06/20/2016 07:47 AM, James B. Byrne wrote:
>> Exactly what mindless person or committee of bike-shedders decided
>> that software should be distributed so that copies of it expire?
>
> Expiration is a fundamental aspect of x509 certificates. Do you
> understand x509 at all?
with all its problems; look just a little bit into the future;
when I sign a document today, the certificate I sign this document maybe
valid till the end of next year (end of the year 2017);
let us think this is an important document; and let us think you were a
young boy now;
in case the software still exists in the next 50 years, the diagnosis if
the document has been modified is easy, but ...
how would you be able to verify that this document hasn't been signed by a
certificate that had been revoked when you are an old man?
More information about the CentOS
mailing list