noloader at gmail.com
Fri Jun 24 15:40:03 EDT 2016
On Fri, Jun 24, 2016 at 2:30 PM, Ron Garret <ron at flownet.com> wrote:
> What matters is not the certificate. The certificate is public. You can’t “steal" a certificate.
> What you *can* steal is the private key associated with a certificate, and the more time goes by the more likely it becomes that someone has done so.
> However, the expiration date is completely arbitrary. There’s nothing magic that happens on the expiration date that makes a cert significantly less secure the day after it expires than it was the day before
In principal, I think it does.
The CA's responsibility (warranty) ends when the certificate expires.
Once the certificate is expired it will not be added to a CRL, so it
could not be revoked. In fact, if it was revoked, then it will be
removed from the CRL.
Whether that system works in practice is a colorful subject that Dr.
Gutmann does a great job of poking fun at in his book Engineering
More information about the cryptography