nanog mailing list archives

Re: PKI operators anyone?

From: Joel Jaeggli <joelja () bogus com>
Date: Thu, 06 Sep 2007 00:36:12 -0700


bmanning () vacation karoshi com wrote:

I dont see verisign roots expiring every five years.

I believe that they're on 30 years or so for the root CA
certificates, and shorter periods for the intermediates.

/John


      it was explained to me that the expiry date is after 2038


The verisign root CA public certs I have in my keyring that expire more
than 10 years from now expire either 08/01/2028 or 07/16/2036 which is
well before 03:14:07 UTC jan 19 2038.

Since my arch uses a signed 64bit int for time_t I'm assuming
calculations beyond that magic number won't be an issue for validating
the contents of my keyring.

--bill

Current thread:

PKI operators anyone? Joe Maimon (Sep 05)
- Re: PKI operators anyone? John Curran (Sep 05)
  - Re: PKI operators anyone? Joe Maimon (Sep 05)
    - Re: PKI operators anyone? John Curran (Sep 05)
    - Re: PKI operators anyone? Sean Donelan (Sep 05)
    - Re: PKI operators anyone? John Curran (Sep 05)
    - Re: PKI operators anyone? Valdis . Kletnieks (Sep 05)
    - Re: PKI operators anyone? Chris Marlatt (Sep 05)
    - Re: PKI operators anyone? Sean Donelan (Sep 05)
    - Re: PKI operators anyone? bmanning (Sep 06)
    - Re: PKI operators anyone? Joel Jaeggli (Sep 06)
- RE: PKI operators anyone? Erik Amundson (Sep 05)
  - Re: PKI operators anyone? Joel Jaeggli (Sep 05)
    - RE: PKI operators anyone? Erik Amundson (Sep 06)
- Re: PKI operators anyone? Steven M. Bellovin (Sep 05)
  - Re: PKI operators anyone? Joe Maimon (Sep 05)
    - Re: PKI operators anyone? Steven M. Bellovin (Sep 05)
- RE: PKI operators anyone? Security Admin (NetSec) (Sep 05)
- <Possible follow-ups>
- RE: PKI operators anyone? Paul Ferguson (Sep 05)