On 3/22/2011 9:07 AM, Steffen DETTMER wrote:
When some entity verifies a certificate, finds a valid signature etc but the current date is not between "Valid From" to "Valid To", meaning the certificate seems "not yet valid" or "expired", what is recommended to do?
It depends what you're doing.
I think, essentially, this should be application specific, but are there guide lines or common sense?
The basic idea is this: If the thing you're checking is from a past date, you can verify that date, and the certificate was valid on that date, then continue. If the operation is based on the current date, reject.
In practice there could be issues with wrong sytem date / system clocks / time stamps, which could lead to bad situations, especially when users are not allowed to change the system date (for security reasons) and then failing to remotely administrate (because the peer rejects the actually valid certificate as "expired" or "not yet valid"). It cannot be assumed all entities are connected to the internet or any other external trusted time (except maybe an SSL protected one).
If a system does not have a reliable source of time, then it cannot reliably perform security operations other than verifying timestamped signatures. That should have been addressed when the system was designed.
DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
