[xmlsec] Verify signature after certificate expired
aleksey at aleksey.com
Wed Oct 9 13:15:37 PDT 2002
Yes, I am saying this. The signature is not valid forever. It's valid
only why certificate is valid.
If you don't like this scheme then you should use certs with long
expiration time or another scheme.
Cert is your digital identity. It's not you who signs something but your
digital identity. The issuer
of the certificate gurantees that you and your digital identity match.
But the issuer has a right
to say: "I know that it is true today and for next year. But I am not
responsible for anything happen
after this." I think that this is a meaning of the expiration time. you
may think about this as
about another way to revoke certs.
Rich Salz wrote:
>> Yes! When you signed it you claimed that you are the college student.
>> When you graduated
>> you are not college student anymore and your signature as "college
>> student" is *not* valid.
> So you're saying that you believe it is impossible to ever do any
> after the fact audits. I can never verify that something happened
> "back then" without having a current chain of cross-certified
> certificates up until the present moment. Suppose the signer dies?
> All prior signatures are now just ticking clocks, waiting to become
> xmlsec mailing list
> xmlsec at aleksey.com
More information about the xmlsec