Nico Williams <n...@cryptonector.com> writes: >I've seen 5 day server certificates in use.
For IEC-62351 work you're far more likely to see certificates issued with an expiry date of never, because the last thing you want is your power grid to be taken offline due to a cert someone forgot to renew. In terms of CRL updates the situation is similar, the spec may say you need to check once every X time interval but in practice you forget to perform the check in case it takes your grid offline. Or set a flag saying "cert revoked" and continue anyway, I've seen both. The 24-hour thing sounds like someone's checkbox requirement rather than anything practically useful, or usable. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
