> On Mar 8, 2021, at 1:45 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
> Not that "never" since it would break a lot of things, but some time far
> enough in the future that you don't have to worry about it.
The cert generator I cobbled together for the OpenSSL test-suite
generates 100-year certs. These work well, and should outlast
the lifetime of the library... Lord help civilization, if it
is still using C for critical software in ~100 years.
(Before that, some older certs used in the build had in fact expired).
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
