Re: Questions about code signing cert.

Discussion in 'Java' started by Roedy Green, Jul 14, 2003.

  1. Roedy Green

    Roedy Green Guest

    On Mon, 14 Jul 2003 19:27:28 +0800, Martin Chan
    <> wrote or quoted :

    >2. What will happen when if people use my application after my
    >certificate has expired?


    They will get a message saying it has expired. It will be much like
    using a phony cert. They can decide to go ahead or not. Presumably
    clever folk can control it via policy files too.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
     
    Roedy Green, Jul 14, 2003
    #1
    1. Advertising

  2. Roedy Green

    Dale King Guest

    "Roedy Green" <> wrote in message
    news:...
    > On Mon, 14 Jul 2003 19:27:28 +0800, Martin Chan
    > <> wrote or quoted :
    >
    > >2. What will happen when if people use my application after my
    > >certificate has expired?

    >
    > They will get a message saying it has expired. It will be much like
    > using a phony cert. They can decide to go ahead or not. Presumably
    > clever folk can control it via policy files too.



    No, there should be no problem continuing to use the application after the
    certificate expires. The expiration date is a date when that certificate can
    no longer be used to sign new things. Things that are signed before the
    expiration date continue to be valid.

    This is logical, because the signature says that it really did come from
    this person. If it came from that person on one day, it doesn't suddenly
    change the next day to not come from that person.

    See
    http://e-commerce.seattleu.edu/Security/what_are_digital_certificates.htm
    which says:

    "To further reduce the possibility that someone will derive a private key
    from its public key, the certifying authority timestamps the key pair so
    that they must be replaced periodically, and provides an additional
    mechanism to assure that a signature was applied before the certificate
    expired. Any signature applied during the active lifetime of the digital
    certificate will remain valid for an unlimited time (unless the signed item
    is tampered with or the signature is removed). Any signature applied after
    the digital certificate expires is invalid."
    --
    Dale King
     
    Dale King, Jul 15, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. gerry

    code signing in 2005

    gerry, Feb 28, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    445
    gerry
    Feb 28, 2006
  2. Jacob
    Replies:
    2
    Views:
    1,066
    Roedy Green
    Jul 19, 2003
  3. Roedy Green

    Applet signing Questions

    Roedy Green, Aug 12, 2005, in forum: Java
    Replies:
    2
    Views:
    455
    Pete Barrett
    Aug 12, 2005
  4. David Chan via .NET 247
    Replies:
    1
    Views:
    354
    Dominick Baier [DevelopMentor]
    Jun 2, 2005
  5. Jean

    Code signing

    Jean, Feb 1, 2006, in forum: ASP .Net Security
    Replies:
    1
    Views:
    142
    Henning Krause [MVP]
    Feb 1, 2006
Loading...

Share This Page