Maybe it is the time to introduce the 64-bit UNIX time? Anything else looks like a patch.
Regards, Alex. On Wed, Jul 22, 2015 at 2:34 PM, David Woodhouse <dw...@infradead.org> wrote: > On Wed, 2015-07-22 at 23:29 +0200, Kurt Roeckx wrote: > > On Wed, Jul 22, 2015 at 09:56:24PM +0100, David Woodhouse wrote: > > > > > > The more I look at this 'signed timestamp' scheme, the more pointless > > > it seems in this situation. We basically don't *care* about the wall > > > -clock time, *and* we don't really know it. If we're going to trust > > > anyone to say " was the time at which the signature was > > > generated", then we might as well forget the whole nonsense about an > > > expiry time and just trust that same third party to provide a > > > signature... or not. > > > > The whole point of this signed timestamp is that the signature > > doesn't expire and that you don't have to care about the wall > > clock. > > ... which is much more simply achieved by just not caring about the > validity times of the certificate in the first place. > > -- > dwmw2 > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > >
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev