[xmlsec] Verify signature after certificate expired
Aleksey Sanin
aleksey at aleksey.com
Wed Oct 9 13:04:26 PDT 2002
Forgot to mention that I understand that in some cases you might have a
(wrong) requirement
to skip expiration date check. However, I do think that this is really
bad idea from security
point of view and you will have to do this "hack" manually.
Aleksey
Aleksey Sanin wrote:
> Yes! When you signed it you claimed that you are the college student.
> When you graduated
> you are not college student anymore and your signature as "college
> student" is *not* valid.
> Certificate is not only a key but also your "digital identity". When
> certificate expires your
> identity is no longer valid. If you want your signature to be valid
> after you graduate you need
> to use your personal cert with longer expiration time.
>
> Aleksey
>
>
>
> Rich
>
>>
>> Signatures must be valid even after the signing certificate has
>> expired. Anything else is just non-sensical. Example: I go to
>> college, get a certificate from my school, use the key to sign a PDF
>> that contains my thesis. I graduate and the cert expires. Is my
>> thesis no longer considered to be signed?
>> /r$
>>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list