Hacker News
by paxswill 4864 days ago
That still doesn't fully explain why they expire, as CRLs and OCSP allow certificates to be revoked. I can't quite explain why having an expiration date is safer; I just feel it's a good practice, to protect against possible key compromise.
1 comment

SSL certificate revocation is extremely fragile.

http://www.imperialviolet.org/2012/02/05/crlsets.html