Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Robert Moskowitz
On 09/13/2017 09:31 AM, Michael Richardson wrote: Robert Moskowitz wrote: > The devices never test out the lifetime of their certs. That is up to Exactly... (Do you think about the MacGyver/StarTrek/A-Team/Leverage/MissionImpossible plot line that goes along with each engineering decisio

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Erwann Abalea via openssl-users
> On 13 Sept. 2017 at 17:08, Michael Wojcik > wrote: > >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf >> Of Michael Richardson >> Sent: Wednesday, September 13, 2017 09:32 >> >> I suspect that the value: literal value 1231235959Z will simply come to >> mean "

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Robert Moskowitz
On 09/13/2017 09:39 AM, Salz, Rich via openssl-users wrote: An X509v3 certificate has “notBefore” and “notAfter” fields. If either of those is not present, then it is not an X509v3 certificate. The time marked by those fields is the validity period. If you want “never expires” X509v3 certi

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Michael Richardson > Sent: Wednesday, September 13, 2017 09:32 > > I suspect that the value: literal value 1231235959Z will simply come to > mean "the end of time", even after the year 10,000.  It has a well known >

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Salz, Rich via openssl-users
An X509v3 certificate has “notBefore” and “notAfter” fields. If either of those is not present, then it is not an X509v3 certificate. The time marked by those fields is the validity period. If you want “never expires” X509v3 certificates, the best you can do is put a very large value in the n

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Michael Richardson
Robert Moskowitz wrote: > The devices never test out the lifetime of their certs. That is up to Exactly... (Do you think about the MacGyver/StarTrek/A-Team/Leverage/MissionImpossible plot line that goes along with each engineering decision?...) > validating servers. And the iDevID is no

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-13 Thread Alejandro Pulido
o put other value rather than an integer. Thanks again Alejandro J Pulido Duque From: Robert Moskowitz Sent: Tuesday, 12 September 2017 14:30:20 To: openssl-users@openssl.org; Alejandro Pulido Subject: Re: [openssl-users] Doubt regarding O-SSL and settin

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Robert Moskowitz
The devices never test out the lifetime of their certs. That is up to the validating servers. And the iDevID is not really intended for operational use. Rather it is the security bootstrap for the lDevID. See the work being done in the ANIMA workgroup as an example of what to do with this.

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Frank Migge
This is an interesting statement. >> should use the GeneralizedTime value 1231235959Z (10) in the notAfter field ... >> Solutions verifying a DevID are expected to accept this value indefinitely Isn't using that large a time value in certificates problematic? Not all systems can handle it tod

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Robert Moskowitz
artes, 12 de septiembre de 2017 14:30:20 *To:* openssl-users@openssl.org; Alejandro Pulido *Subject:* Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates Depends on the question 'Infinite' duration is used in IEEE 802.1AR Device Identities. The concep

Re: [openssl-users] Doubt regarding O-SSL and setting the duration of certificates

2017-09-12 Thread Robert Moskowitz
Depends on the question 'Infinite' duration is used in IEEE 802.1AR Device Identities. The concept is the vendor installs the certificate in read-only memory. It is expected to be good for the life of the device. On 09/11/2017 05:32 AM, Alejandro Pulido wrote: Dear team of OpenSSL, Firs