Hi Steve,

We do have a timestamping root out there somewhere, but for what reason I have no idea, as we currently do not have a timestamping server; you are correct, there were plans, but nothing came of them. ;(

We always poached the Verisign timestamp server (with permission of course...), nowadays though things are a lot easier. :)

Thanks for your time, it is much appreciated, and some of the links you've published before go a long way to making support's day much easier!

Regards,

Dr S N Henson wrote:
> Jason Barr wrote:
> >
> > Hi Steve,
> >
> > Thanks for the post, and it addresses one of the fears I have as well; a
> > certificate validity date is basically there to avoid the length of time a
> > compromised keypair can be used for, and if someone got hold of an 'expired'
> > keypair it would be very simple for them to simply turn their dates back and
> > sign till kingdom come, and to me that's a bit disturbing. Granted, the
> > chances of compromise may be small, and the onus is on the user to ensure that
> > everything is locked down, but these things do happen...
> >
>
> Yes indeed but considering that an object signing key could be used to
> write rogue programs and blame someone else the incentive is high.
>
> BTW on the subject of time stamps. Do Thawte have a timestamper
> (Authenticode or otherwise)? I can recall there being some mention that
> one might be added.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Gemplus: http://www.gemplus.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.

--
Jason Barr
Vendor Manager
Thawte Tech Support
www.thawte.com/cgi/support/contents.exe
