Revoking an expired certificate
Is revoking an expired certificate a valid approach?
An expired certificate is considered an invalid certificate, yet it is possible to revoke it. Since it is possible to revoke it, this should be a valid approach for a CA.
Doesn't the CA consider whether it is revoked or not, and how does this affect the way the certificate is used?
It is a bad idea. No CA does this.
An expired certificate is rejected in general. A digital signature is verified as invalid when using an expired certificate. Browsers reject SSL connections to sites with expired certificates. There is no need for additional validation.
In fact, it can cause inconsistency with existing signatures. To preserve signatures beyond the certificate expiration time, they are protected with a timestamp. When the certificate of the timestamp is close to expiring, an additional timestamp can be issued. Long-term signature formats (AdES) embed revocation evidence for the certificates used.
Revoking an expired certificate means the signatures are valid, but the status of the certificate at the CA is not valid. It makes no sense.
From the point of view of the CA, it is a waste of resources. Think of a 20-year-old CA with millions of expired certificates in a revoked state. It would need an incredibly large CRL file (revocation list) to serve, and OCSP services (online check status) to maintain.
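The validation order described in the answer above, as an added example that is not part of the original post: a simplified model in which the `Cert` class, the `revoked` mapping (standing in for a CRL/OCSP lookup) and all dates are constructed for illustration. It shows that a revocation recorded after expiry changes nothing for a live check, while a timestamped signature still validates even though the CA lists the certificate as revoked.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

@dataclass(frozen=True)
class Cert:  # hypothetical minimal certificate model, not an X.509 parser
    serial: int
    not_before: datetime
    not_after: datetime

def cert_status(cert, at, revoked):
    """Status of `cert` at time `at`. `revoked` maps serial -> revocation
    time and stands in for a CRL/OCSP lookup (assumption of this sketch)."""
    if at < cert.not_before:
        return "not_yet_valid"
    if at > cert.not_after:
        return "expired"  # decided from the validity period alone
    when = revoked.get(cert.serial)
    if when is not None and when <= at:
        return "revoked"
    return "valid"

def signature_status(cert, now, revoked, timestamp=None):
    """A protected timestamp moves the evaluation time to the signing time."""
    return cert_status(cert, timestamp if timestamp else now, revoked)

# Constructed sample data
CERT = Cert(serial=0x1001, not_before=utc(2020, 1, 1), not_after=utc(2022, 1, 1))
NOW = utc(2024, 6, 1)
SIGNED_AT = utc(2021, 3, 15)                      # time attested by the timestamp
NO_REVOCATIONS = {}
REVOKED_AFTER_EXPIRY = {0x1001: utc(2023, 5, 1)}  # the case asked about
REVOKED_WHILE_VALID = {0x1001: utc(2021, 1, 10)}  # ordinary revocation

def demo():
    return {
        "live, not revoked": signature_status(CERT, NOW, NO_REVOCATIONS),
        "live, revoked after expiry": signature_status(CERT, NOW, REVOKED_AFTER_EXPIRY),
        "timestamped, revoked after expiry": signature_status(CERT, NOW, REVOKED_AFTER_EXPIRY, SIGNED_AT),
        "timestamped, revoked while valid": signature_status(CERT, NOW, REVOKED_WHILE_VALID, SIGNED_AT),
    }

if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```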