I should mention that on the [EMAIL PROTECTED] list, there's been a fair amount of discussion on this topic. The concept that is put forth is that the trust anchor is the key -- and any metadata that the key surrounds itself with (such as a certificate, for ease of trust anchor distribution) is non-binding.
This gets into the concept of "key continuity management" for an entity as opposed to hierarchal trust for the entity. This is unfortunately a concept which is foreign to most X.509 implementations.

My view? If a trust anchor asserts its validity ending on a given date, that's a policy decision asserted by that trust anchor (even though a CA is identified by its name, not by its key).

-Kyle H

On 4/15/07, Paul Hoffman <[EMAIL PROTECTED]> wrote:
> This is very good to hear. I have no idea if this is true for other
> browsers or OS components that have root stores.
>
> Man, this would be a good research project for some adventurous undergrad.
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto