Zitat von Christine Karman <christine(a)christine.nl>nl>:
On 05/09/2011 10:53 AM, lst_hoe02(a)kwsoft.de wrote:
today i discovered that if a mail is signed by i
expired certificate
the certificate is still fetched and added to the Djigzo store. Is
this useful in any case or wouldn't it be better to ignore expired
certificates?
Does it harm to store them? If you store a cert that expires one day
later, you also have an expired cert. If someone decides to sign their
messages with an expired cert, there may be a reason for that. I
generally don't mind expired certs. I think Djigzo shouldn't thow away
certs with which messages have been signed.
Djigzo does apply PKI rules, so it obeys expiring dates. With this
expired certificates are somewhat useless. One might argue that it
doesn't hurt (much) to store it today, but i disklike systems
collecting garbage because it might be useful somehow in the future.
If someone decide to use expired certificates, all mailclients used
today will show all sorts of errors, so it is discouraged anyway.
Regards
Andreas