[xmlsec] Verify signature after certificate expired

Aleksey Sanin aleksey at aleksey.com
Wed Oct 9 13:04:26 PDT 2002

Forgot to mention that I understand that in some cases you might have a 
(wrong) requirement
to skip expiration date check. However, I do think that this is really 
bad idea from security
point of view and you will have to do this "hack" manually.


Aleksey Sanin wrote:

> Yes! When you signed it you claimed that you are the college student. 
> When you graduated
> you are not college student anymore and your signature as "college 
> student" is *not* valid.
> Certificate is not only a key but also your "digital identity". When 
> certificate expires your
> identity is no longer valid. If you want your signature to be valid 
> after you graduate you need
> to use your personal cert with longer expiration time.
> Aleksey
> Rich
>> Signatures must be valid even after the signing certificate has 
>> expired. Anything else is just non-sensical.  Example:  I go to 
>> college, get a certificate from my school, use the key to sign a PDF 
>> that contains my thesis.  I graduate and the cert expires.  Is my 
>> thesis no longer considered to be signed?
>>     /r$
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list