[cryptography] How are expired code-signing certs revoked?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Dec 7 07:01:49 EST 2011

Consider the following scenario:

1. Attackers steal a code-signing key and use it to sign malware.
2. The certificate for the stolen key expires.
3. Malware signed with the key turns up.

Since the signature is timestamped to allow it to still validate after the
original cert expires, it'll be regarded as valid.  Since the cert has now
expired, it won't be present in the CRL, or if it was present it'll be removed
(this is standard practice to manage CRL sizes).

How do you invalidate such a signature?
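To make the timeline concrete, here is a small Python model of the scenario; it is an added illustration, not code from the post or from any real PKI library. It assumes the simplified verifier semantics common to long-lived signatures: a signature is accepted if its certificate was within its validity period at the trusted timestamp time, and rejected only if the certificate appears in the CRL with a revocation date at or before that time. Serial number, dates and the CRL contents are all constructed for the example.

```python
"""Toy model of timestamped code-signature validation against a CRL that
drops expired certificates.  Constructed example, not real PKI code."""
from dataclasses import dataclass
from datetime import datetime, timezone


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class CrlEntry:
    serial: int
    revocation_date: datetime


@dataclass(frozen=True)
class Crl:
    this_update: datetime
    entries: dict  # serial -> CrlEntry

    def pruned(self, certs, now):
        """Re-issue the CRL at `now`, dropping entries whose certificate has
        already expired (permitted by RFC 5280; done to keep CRLs small)."""
        keep = {s: e for s, e in self.entries.items()
                if certs[s].not_after >= now}
        return Crl(this_update=now, entries=keep)


@dataclass(frozen=True)
class Signature:
    cert: Cert
    signing_time: datetime  # taken from a trusted RFC 3161 timestamp token


def verify(sig, crl):
    """Simplified long-lived-signature check (assumed verifier semantics):
    1. the cert must have been within its validity period at the timestamped
       signing time, not at verification time;
    2. the cert must not appear in the CRL with a revocation date at or
       before the signing time."""
    if not (sig.cert.not_before <= sig.signing_time <= sig.cert.not_after):
        return "invalid: cert not valid at signing time"
    entry = crl.entries.get(sig.cert.serial)
    if entry is not None and entry.revocation_date <= sig.signing_time:
        return "invalid: cert revoked before signing time"
    return "valid"


def scenario():
    """Walk the timeline from the post: stolen key, revocation, malware
    signed and timestamped, cert expiry, CRL pruned.  Dates are made up."""
    code_signing = Cert(serial=0x1234,
                        not_before=utc(2010, 1, 1), not_after=utc(2011, 1, 1))
    certs = {code_signing.serial: code_signing}

    # Owner reports the key stolen; CA revokes on 2010-03-01.
    crl_2010 = Crl(this_update=utc(2010, 3, 1), entries={
        code_signing.serial: CrlEntry(code_signing.serial, utc(2010, 3, 1))})

    # Attacker keeps using the key; a TSA countersigns on 2010-06-01.
    malware_sig = Signature(cert=code_signing, signing_time=utc(2010, 6, 1))

    # While the cert is unexpired the CRL still carries the entry -> rejected.
    before_expiry = verify(malware_sig, crl_2010)

    # After expiry the CA drops the entry from the CRL -> the timestamped
    # signature now validates, which is the gap the post asks about.
    crl_2012 = crl_2010.pruned(certs, now=utc(2012, 1, 1))
    after_expiry = verify(malware_sig, crl_2012)

    # For contrast: a signature timestamped after expiry is rejected on
    # validity-period grounds alone, so the timestamp is what keeps the
    # stolen-key signature alive.
    late_sig = Signature(cert=code_signing, signing_time=utc(2011, 6, 1))
    signed_after_expiry = verify(late_sig, crl_2012)

    return {"before_expiry": before_expiry,
            "after_expiry": after_expiry,
            "signed_after_expiry": signed_after_expiry,
            "pruned_entries": len(crl_2012.entries)}


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name}: {verdict}")
```

The model only captures the two checks the post relies on; real verifiers differ in how they treat revocation dates, timestamp-authority trust and CRL freshness, so treat the outcome as an illustration of the argument rather than a statement about any particular product.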

