[xmlsec] Verify signature after certificate expired
rsalz at datapower.com
Wed Oct 9 10:34:41 PDT 2002
Yes, it is important to be able to verify something after the
credentials have expired. As long as the signature was *generated*
during the validity period, then you can verify it. There is a reason
why PKCS7, and XML-DSIG, include the ability to put CRL's into a
signature: so you can show -- at the time the sig was generated -- that
the cert was not revoked.
Hope this helps.
More information about the xmlsec