Jason Barr wrote:
>
> Hi Steve,
>
> Thanks for the post, and it addresses one of the fears I have as well; a
> certificate validity date is basically there to avoid the length of time a
> compromised keypair can be used for, and if someone got hold of an 'expired'
> keypair it would be very simple for them to simply turn their dates back and
> sign till kingdom come, and to me that's a bit disturbing. Granted, the
> chances of compromise may be small, and the onus is on the user to ensure that
> everything is locked down, but these things do happen...
>

Yes indeed but considering that an object signing key could be used to write
rogue programs and blame someone else the incentive is high.

BTW on the subject of time stamps. Do Thawte have a timestamper (Authenticode
or otherwise)? I can recall there being some mention that one might be added.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
