Paul Hoffman wrote, On 2009-01-12 14:16 PST:
> At 1:42 PM -0800 1/12/09, Kyle Hamilton wrote:

>> It's basically saying, "I attest to the validity of this binding until
>> this date, *unless something extraordinary happens in the meantime*."
> 
> No, that's *way* too strong. The meaning of the notAfter date is quite
> simple: "the date on which the certificate validity period ends". (See
> the subject of this thread....). A revoked certificate does not expire
> until after the notAfter.

I explain it to people this way: The notAfter date is the date after which
the CA has no further obligation to report that the cert was ever revoked.

(It actually is obliged to report revocation ONE more time after the
notAfter date, but that detail is not crucial to the understanding of
notAfter for most readers.)
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
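
The retention rule described in this message (a revoked certificate stays on the CRL through its notAfter date, then appears on one more scheduled CRL), as an added example that is not part of the original post. The weekly CRL schedule, serial numbers and dates are constructed, and the function name is hypothetical.

```python
from datetime import datetime, timedelta

def crl_entries(issue_times, revoked):
    """Return [(thisUpdate, [serials listed])] for each scheduled CRL.

    issue_times: sorted datetimes of regularly scheduled CRLs.
    revoked: dict serial -> (revocation_time, not_after).
    A revoked serial is listed on every CRL issued up to notAfter and on
    the first CRL issued after notAfter; later CRLs may drop it.
    """
    reported_after_expiry = set()
    schedule = []
    for t in issue_times:
        listed = []
        for serial, (revoked_at, not_after) in sorted(revoked.items()):
            if revoked_at > t:
                continue                      # not revoked yet at this CRL
            if t <= not_after:
                listed.append(serial)         # still inside validity period
            elif serial not in reported_after_expiry:
                listed.append(serial)         # the one report after notAfter
                reported_after_expiry.add(serial)
        schedule.append((t, listed))
    return schedule

# Constructed sample data: five weekly CRLs and two revoked certificates.
ISSUE_TIMES = [datetime(2009, 1, 1) + timedelta(weeks=i) for i in range(5)]
REVOKED = {
    # serial: (revocation time, notAfter)
    "0A": (datetime(2009, 1, 5), datetime(2009, 1, 12, 12, 0)),  # expires soon
    "0B": (datetime(2009, 1, 10), datetime(2010, 1, 1)),         # long-lived
}

if __name__ == "__main__":
    for this_update, serials in crl_entries(ISSUE_TIMES, REVOKED):
        print(this_update.date(), serials)
```

A relying party that checks serial 0A against the CRL of 2009-01-22 finds no entry, which is why a missing CRL entry for a certificate past its notAfter says nothing about whether it was ever revoked.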