At 4:30 PM +0100 4/12/07, Gervase Markham wrote:
>Paul Hoffman wrote:
>> At 10:00 AM +0000 3/14/07, Gervase Markham wrote:
>>> Paul Hoffman wrote:
>>>> A related question that I was intending to do some research on: if a
>>>> trust anchor ("trusted root" in this thread) has an expiration date
>>>> in the past, does NSS still treat it as a trust anchor, or does it
>>>> ignore it?
>>>
>>> I can't say for certain because I haven't seen the code, but I would
>>> certainly hope it ignores it!
>>
>> I would hope that NSS *would* use this information because it is what
>> the CA has asserted about itself. RFC 3280 does not require that the
>> processor use this information.
>
>I may have been unclear here. By "ignores it", I meant "ignore the
>cert", not "ignore the expiration date". I believe that's the original
>sense in which you used it, but I could be misreading you.

Ah! We are in agreement. If a cert says "I expire on this date in the
past", we both would prefer that NSS would use the information and not
use it as a trust anchor. I still cannot find the code that would or
would not implement this, however.
_______________________________________________
dev-tech-crypto mailing list
[EMAIL PROTECTED]
https://lists.mozilla.org/listinfo/dev-tech-crypto