MUD-Manager icon indicating copy to clipboard operation
MUD-Manager copied to clipboard
verified publisher icon CiscoDevNet

On bouncing expired certs

Open elear opened this issue 7 years ago • 0 comments

Currently, if a signature was valid at the time of signing, we will still produce an error. That is based on OpenSSL's CMS behavior. It is possible to configure OpenSSL not to do that, but the reason that it is the way it is, is because the clock used to sign the file is under the control of the one with the certificate.

The general argument runs that if you're interested in non-repudiation more than whether the cert was valid at the time of signing, then it's okay to consider the check based on that time. But if you're interested in whether the cert was in fact valid at the time the signature was made, then a secure time stamp is required, or the file must be resigned. MUD has no notion of a secure timestamp, and that in itself would require some neutral and complex service.

Still there will be a lot of devices and manufacturers who generally will NOT resign their files. This is a little bit of a problem.

elear avatar Jan 15 '19 16:01 elear