> > I have argued many times that not including the creation date
> > in every private key data format was a *huge* mistake.
>
> Furthermore --
> How do you know what time it is? How do I know you know what time
> it is? Do I trust you to put the correct time, or even a monotonically
> increasing sequence, into such a structure? See? It's utterly
> useless, even as a thought experiment. As soon as you need reliance
> on the truth value of an assertion (validity of a timestamp), you're
> already in TRUST territory.
>
> Might as well let the CA decide not to reissue/re-sign a cert with an
> existing pubkey.

If you can't trust the system that generates and stores your private key, you're screwed anyway. So I don't see that this argument has any validity.

DS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]