[cryptography] MalwareBytes

Jeffrey Walton noloader at gmail.com
Fri Jun 24 15:40:03 EDT 2016


On Fri, Jun 24, 2016 at 2:30 PM, Ron Garret <ron at flownet.com> wrote:
> What matters is not the certificate.  The certificate is public.  You can’t “steal” a certificate.
>
> What you *can* steal is the private key associated with a certificate, and the more time goes by the more likely it becomes that someone has done so.
>
> However, the expiration date is completely arbitrary.  There’s nothing magic that happens on the expiration date that makes a cert significantly less secure the day after it expires than it was the day before

In principle, I think it does.

The CA's responsibility (warranty) ends when the certificate expires.
Once the certificate is expired it will not be added to a CRL, so it
could not be revoked. In fact, if it was revoked, then it will be
removed from the CRL.

Whether that system works in practice is a colorful subject that Dr.
Gutmann does a great job of poking fun at in his book Engineering
Security (http://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf).

Jeff
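
A simplified model of the CRL behaviour described in the message above, added here as an example and not part of the original post: once a revoked certificate expires, its entry drops off the CRL, so a verifier that consults only the CRL sees it as good again. The class and function names are hypothetical, and this models the logic only; it does not parse X.509.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Cert:
    serial: int
    not_after: datetime


@dataclass(frozen=True)
class Revocation:
    serial: int
    cert_not_after: datetime  # expiry of the revoked certificate


def issue_crl(revocations, this_update):
    """CA side: list only revoked certificates that have not yet expired."""
    return {r.serial for r in revocations if r.cert_not_after > this_update}


def crl_only_status(cert, crl):
    """Flawed verifier: trusts the CRL alone and ignores the validity period."""
    return "revoked" if cert.serial in crl else "good"


def status(cert, crl, now):
    """Verifier that checks the validity period before consulting the CRL."""
    if now > cert.not_after:
        return "expired"
    return crl_only_status(cert, crl)


def demo():
    # Constructed sample data: one certificate whose key was reported stolen.
    expiry = datetime(2016, 6, 24)
    cert = Cert(serial=0x1001, not_after=expiry)
    revoked = [Revocation(serial=0x1001, cert_not_after=expiry)]
    before = expiry - timedelta(days=1)
    after = expiry + timedelta(days=1)
    return {
        "before_crl_only": crl_only_status(cert, issue_crl(revoked, before)),
        "after_crl_only": crl_only_status(cert, issue_crl(revoked, after)),
        "after_full": status(cert, issue_crl(revoked, after), after),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The expiry check has to come first: after expiry the CRL no longer carries any record that the key was compromised.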

