This won't fix the legacy devices that already exist, but I wonder if there shou... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cmeacham98 on Oct 14, 2021 \| parent \| context \| favorite \| on: Working around expired root certificates This won't fix the legacy devices that already exist, but I wonder if there should be some way for root certificates to sign a replacement of themselves. All other signatures would be treated as invalid after the expiration, but this special "this is my replacement" signature would allow non-updated clients to continue to work.

Semaphor on Oct 14, 2021 [–]

If you can do that, what would be the point of root expiry?

eli on Oct 14, 2021 | [–]

I think that's a valid question

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact