[cryptography] How are expired code-signing certs revoked?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Dec 7 09:21:05 EST 2011


William Whyte <wwhyte at securityinnovation.com> writes:

>I would say that you shouldn't *install* signed software after the signing
>cert expires, but if you installed it before expiry it's still safe to use
>it.

That wouldn't work; consider the untold numbers of install CDs shipped with
anything that you could think of connecting to a PC at some point (your shiny
new digital camera, your electric toothbrush, ...).  These are often extremely
out-of-date, but you can't block the install just because the cert has
expired.

Peter.


