Jeffrey Haas <jh...@pfrc.org> writes: > Exactly how the cert lifetime interacts with peering sessions is > likely to be several flavors of ugly.
If you pin the key, then there is no reason to care about expiration. You could define the certificate as valid for as long as the pinned key matches. This is similar to what DANE does. Bjørn
