Full Disclosure mailing list archives
Re: Expired certificate
From: Ryan Castellucci <ryan.castellucci () gmail com>
Date: Thu, 22 Jul 2010 17:41:35 -0700
On Fri, Jul 16, 2010 at 11:06 AM, Dimitry Andric <dimitry () andric com> wrote:
On 2010-07-16 19:15, Larry Seltzer wrote:Certificates have expiration dates so that the verification that happens at the time the cert is acquired can have some "freshness."That is definitely not the only reason. The longer a certificate (or actually, any 'secret key') is being used, the larger the probability that it will be compromised, either by an opponent brute-forcing it, or by good ole' human error.
Except that there's nothing that makes you change out the private key when the cert expires. As far as I've seen, the cert vendors will just let you renew your certificate for the same private key. -- Ryan Castellucci http://ryanc.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Expired certificate Daniel Sichel (Jul 16)
- Re: Expired certificate Larry Seltzer (Jul 16)
- Re: Expired certificate Dimitry Andric (Jul 16)
- Re: Expired certificate Valdis . Kletnieks (Jul 16)
- Re: Expired certificate Jan Schejbal (Jul 21)
- Re: Expired certificate Ryan Castellucci (Jul 22)
- Re: Expired certificate Dimitry Andric (Jul 16)
- Re: Expired certificate Junk Meat (Jul 16)
- Re: Expired certificate bk (Jul 16)
- Re: Expired certificate Junk Meat (Jul 16)
- Re: Expired certificate bk (Jul 16)
- Re: Expired certificate Junk Meat (Jul 17)
- Re: Expired certificate Dan Kaminsky (Jul 17)
- Re: Expired certificate Pavel Kankovsky (Jul 18)
- Re: Expired certificate Marsh Ray (Jul 20)
- Re: Expired certificate Dan Kaminsky (Jul 22)
- Re: Expired certificate Marsh Ray (Jul 22)
- Re: Expired certificate bk (Jul 16)
- Re: Expired certificate Larry Seltzer (Jul 16)