On Fri, Feb 15, 2013 at 9:25 AM, Ashok C <ash....@gmail.com> wrote: > On Thu, Feb 14, 2013 at 5:31 PM, Jeffrey Walton <noloa...@gmail.com> wrote: >> On Thu, Feb 14, 2013 at 5:58 AM, Ashok C <ash....@gmail.com> wrote: >> > >> > As part of implementing certificate expiry related alarms for my SSL >> > application, I would kindly require few suggestions and clarifications >> > from the community. >> ... >> >> There are two hidden issues: (1) what precisely is warranted, and (2) >> what liability is in play. Good luck in pinning a CA on liability (100 >> page plus CPSs). > > Not clear what you exactly meant here. Could you please put it in more > simpler terms? Thanks. >> Read the chapter on PKI from Peter Gutmann's Security Engineering (pp. 595-650, www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf).
It's not dry reading. Its interesting from a technical POV (what's the problem, how is it being solved); from a historical POV (committee disagreements, past failures, etc); and it's somewhat humorous at times (Gutmann has a witty sense of humor). Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org