(bugzilla.mozilla.org)

1318 points xvector | 1 comments | 04 May 19 01:31 UTC | HN request time: 0s | source

Show context

M0 ◴[04 May 19 03:05 UTC] No.19824127[source]▶

>>19823701 (OP) #

They don't use cryptographic timestamps with their signatures ? The certificate might now be invalid, but the signatures were done at a time when it was valid...

replies(1): >>19824413 #

fluidcruft ◴[04 May 19 04:20 UTC] No.19824413[source]▶

>>19824127 #

The problem is that "time" is fungible and can be forged. The date on a signature doesn't really mean anything.

replies(2): >>19824479 #>>19824706 #

1. userbinator ◴[04 May 19 04:36 UTC] No.19824479[source]▶

>>19824413 #

Emphasis on cryptographic timestamps.

↑

All extensions disabled due to expiration of intermediate signing cert