What is the purpose of the "validity period" in X.509 certificates?
I've read the parts of RFC 2459 (Internet X.509 Public Key Infrastructure Certificate and CRL Profile) that I believed to be relevant to this question. However, I'm not totally clear on what the purpose of the validity period (specifically the expiration date) of the certificate is.
It's my understanding that the purpose of a certificate is to bind a public key to an identity in a way that can be verified (in X.509, through a certificate authority, or in OpenPGP, through a web of trust). Therefore, it seems to me like a certificate would be valid from the time it is created until the time the corresponding private key is compromised (or an employee is fired, or whatever), in which case it would be put on a certificate revocation list (I believe).
Under what circumstances is this not true? Why would the binding of an identity to a public key suddenly become invalid? I know that most certificate authorities are commercial enterprises and therefore it would be profitable to have a recurring fee, but I'm making an open source project that simply generates certificates (at no cost) that bind a username on the server to a public key, and the password of the user is used to verify his identity to the CA (which, of course, stores his hashed password).
The idea is to reduce the window of opportunity in case the private key gets compromised. Revocation is possible only if the compromised party is aware of that. Also, the existing revocation mechanisms are not completely reliable, so it's good to have a fixed expiration date.
I'm pretty sure you answered your own question with regard to the commercial aspect. But I'll throw another one in here.
This is to, in part, protect against losses when you have no idea that it was ever lost in the first place. In other words, the only time it will show up on a certificate revocation list is if someone knows it was compromised. There are many cases in which you won't know it was compromised, so it's good to have a way to force a refresh of the key.
It's kind of like the old days where a spy used a cipher that changed on a daily basis. It wasn't that they thought the old keys were compromised; they changed because they had no idea if the keys were compromised.
Another example is having your password expire every 90 days or so. It's not expiring because it is known to have been lost; it's expiring in case it was lost and you don't know it.
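Added example (not part of the original question or answers): a simplified model of the relying-party check described above, showing how `not_after` caps the time a stolen key is still accepted when the theft never reaches a revocation list. The names `Cert`, `issue`, `accepted` and `misuse_window` and all dates are hypothetical and constructed for illustration; no real X.509 parsing or signature checking is done.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Set


@dataclass(frozen=True)
class Cert:
    # Stand-in for the X.509 fields relevant here: serialNumber, subject, validity.
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime


def issue(serial: int, subject: str, now: datetime, lifetime: timedelta) -> Cert:
    """CA side: bind a username to a key for a fixed lifetime."""
    return Cert(serial, subject, now, now + lifetime)


def accepted(cert: Cert, now: datetime, crl_serials: Set[int]) -> bool:
    """Relying-party side: inside the validity period (bounds inclusive)
    and not listed on the copy of the CRL this verifier actually holds."""
    in_period = cert.not_before <= now <= cert.not_after
    return in_period and cert.serial not in crl_serials


def misuse_window(cert: Cert, stolen_at: datetime,
                  revoked_at: Optional[datetime] = None) -> timedelta:
    """How long a stolen private key keeps being accepted.
    revoked_at is None when nobody notices the theft, or when the
    revocation never reaches the verifier (stale or unreachable CRL)."""
    end = cert.not_after if revoked_at is None else min(revoked_at, cert.not_after)
    start = max(stolen_at, cert.not_before)
    return max(end - start, timedelta(0))


# Constructed sample data: the same user, one 30-day and one 10-year certificate,
# with the key stolen on day 10 in both cases.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
STOLEN = T0 + timedelta(days=10)
SHORT = issue(1, "alice", T0, timedelta(days=30))
LONG = issue(2, "alice", T0, timedelta(days=3650))

if __name__ == "__main__":
    print("undetected, 30-day cert :", misuse_window(SHORT, STOLEN))
    print("undetected, 10-year cert:", misuse_window(LONG, STOLEN))
    print("revoked 2 days later    :", misuse_window(LONG, STOLEN, STOLEN + timedelta(days=2)))
    print("day 40, empty CRL       :", accepted(SHORT, T0 + timedelta(days=40), set()),
          accepted(LONG, T0 + timedelta(days=40), set()))
```

With revocation working, the lifetime barely matters; without it, expiry is the only bound on the window.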