On certificates and validation

John Cowan cowan at ccil.org
Fri Nov 27 00:04:14 GMT 2020


On Thu, Nov 26, 2020 at 1:41 PM Michael Lazar <lazar.michael22 at gmail.com>
wrote:


> I fully agree that the expiration date is useless in TOFU schemes.
>

However, they make all kinds of sense in client certs. If you see an
expired cert coming from a client, it is most likely a replay attack (or a
broken client).  If the client cert is meant for user identification, you
will of course need to provide the hash of the newly created cert to the
server administrator.



John Cowan          http://vrici.lojban.org/~cowan        cowan at ccil.org
How comes city and country to be filled with drones and rogues, our highways
with hackers, and all places with sloth and wickedness?
                --W. Blith, Eng. Improver Improved, 1652
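
An added example, not part of the original message or of any Gemini server's code: one way a server could apply the point above, identifying a client by a pinned certificate hash while still rejecting a certificate that is outside its validity window. The function names, the `pinned` map, the user name and the demo certificate are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrUnknown = errors.New("fingerprint not registered with the server")
var ErrExpired = errors.New("certificate outside its validity window")

// Fingerprint is the hex SHA-256 of the DER cert: the hash a user gives the admin.
func Fingerprint(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.Raw))
}

// CheckClient identifies a user by pinned fingerprint and still enforces expiry.
func CheckClient(c *x509.Certificate, pinned map[string]string, now time.Time) (string, error) {
	user, ok := pinned[Fingerprint(c)]
	if !ok {
		return "", ErrUnknown // e.g. a renewed cert whose hash was never registered
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return "", ErrExpired // pinned but stale: replay or broken client
	}
	return user, nil
}

func newDemoCert(from, to time.Time) (*x509.Certificate, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed fixed demo key
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to}
	der, err := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := newDemoCert(time.Now().Add(-2*time.Hour), time.Now().Add(-time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println(CheckClient(c, map[string]string{Fingerprint(c): "alice"}, time.Now()))
}
```

A renewed certificate has a different fingerprint, so it is refused as unknown until its hash is added to `pinned`.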