Refeds


Subject Re: How to join the refeds wiki
From Ian Young <ian@xxxxxxxxxx>
Date Tue, 17 Mar 2009 15:55:21 +0000


On 13 Mar 2009, at 17:14, Milan Sova wrote:

Is there anything else the broken software checks (hostname, key
usage...) or is any self-signed certificate with notAfter=2050-12-31
acceptable?

The expiry check was the only problem we ran into (that I remember) for that particular software. We didn't attempt to guess what other problems it might have, and we didn't try things like the example you give above.

On the other hand, I wouldn't be at all surprised if there is some software out there somewhere that handles dates after 2038 badly, just because of the 32-bit integer overflow problem. I don't know of any, but I'd be cautious about using 2050 nevertheless.

	-- Ian



Attachment: smime.p7s
Description: S/MIME cryptographic signature