[Cryptography] HP accidentally signs malware, will revoke certificate

Hasan Diwan hasan.diwan at gmail.com
Sat Oct 11 19:43:25 EDT 2014


On 11 October 2014 08:18, ianG <iang at iang.org> wrote:

> So a 4 year old expired cert is still a critical
> piece of infrastructure, and they are still going to revoke it
>

Why aren't certificates revoked automatically on expiration? All using a
revoked/expired certification should do is warn me that "the cert you are
using has expired/been revoked, please get a new one from foo.com". What is
the other use case I'm missing? -- H

-- 
OpenPGP: https://hasan.d8u.us/gpg.key
Sent from my mobile device
Envoyé de mon portable
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141011/4a2f4580/attachment.html>


More information about the cryptography mailing list