On 22/12/2014 13:57, Dave Thompson wrote:
At least for now; there is another thread started just a few days ago about all PEM formats used by OpenSSL suggesting the traditional privatekey forms are obsolete and maybe should be deleted!
Please don't do that until 5+ years after 0.9.8 end-of-life. Because private keyswritten by 0.9.8 to securely stored offline media will be using the old formatand need to be usable down the line. Most certificates expire after 5 years orless though a few private keys may be needed much later: 1. Decryption certificates/keys may be needed to decrypt data long after the certificateexpired (in fact, as long as the data remains relevant, think 30+ years for mortgagecontracts, 50+ years for life insurance, and 140+ years for copyright disputes). 2. A few certs (e.g. CA roots and Android developer certs) have very long (30+ years)certificate lifetimes, but those tend to be used regularly over that period, givingplenty of opportunity to convert the private key files. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
