If I receive a message that supposedly originated from X three months ago, verifying that the key for X has not expired today is not helpful; what I need to know is whether it had expired three months ago.
Also, I tried to clarify what implementation (the resolvers) should be compatible with extending-an-expired-key semantics.
Signed-off-by: Daniel Hardman daniel.hardman@gmail.com
If I receive a message that supposedly originated from X three months ago, verifying that the key for X has not expired today is not helpful; what I need to know is whether it had expired three months ago.
Also, I tried to clarify what implementation (the resolvers) should be compatible with extending-an-expired-key semantics.
Preview | Diff