[cryptography] How are expired code-signing certs revoked?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Dec 7 09:21:05 EST 2011

William Whyte <wwhyte at securityinnovation.com> writes:

>I would say that you shouldn't *install* signed software after the signing
>cert expires, but if you installed it before expiry it's still safe to use

That wouldn't work, consider the untold numbers of install CDs shipped with
anything that you could think of connecting to a PC at some point (your shiny
new digital camera, your electric toothbrush, ...).  These are often extremely
out-of-date, but you can't block the install just because the cert has


