<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
IEEE 802.1ARce (latest draft addendum) specifies:<br>
<br>
8.7 validity<br>
<br>
The time period over which the DevID issuer expects the device to be
used.<br>
<br>
All times are stated in the Universal Coordinated Time (UTC) time
zone. Times up to and including<br>
23:59:59 December 31, 2049 UTC are encoded as UTCTime as
YYMMDDHHmmssZ. Times later than<br>
23:59:59 December 31, 2049 UTC are encoded as GeneralizedTime as
YYYYMMDDHHmmssZ.<br>
<br>
The time the DevID is created is encoded in the notBefore field of
DevID certificates. Each DevID chain<br>
certificate has a notBefore value that encodes a time that is the
same as or prior to that of any DevID<br>
certificate that relies on the chain for certificate validation.<br>
<br>
The latest time a DevID is expected to be used is encoded in the
notAfter field of the DevID certificate.<br>
Each DevID chain certificate has a notBefore value that encodes a
time that is the same as or later than that of any DevID certificate
that relies on the chain for certificate validation.<br>
<br>
Devices possessing an IDevID are expected to operate indefinitely
into the future and should use the<br>
GeneralizedTime value 99991231235959Z (10) in the notAfter field of
IDevID certificates. Solutions<br>
verifying a DevID are expected to accept this value indefinitely.
Values in notAfter fields are treated as<br>
specified in RFC 5280.<br>
<br>
Footnote: (10) <br>
This value corresponds to one second before the year 10 000; note
the creation of an opportunity for the Y10K bug fix industry.<br>
<br>
=====================<br>
<br>
It is really rare to find humor in IEEE specifications!<br>
<br>
Bob<br>
<br>
<div class="moz-cite-prefix">On 09/12/2017 11:39 AM, Alejandro
Pulido wrote:<br>
</div>
<blockquote type="cite"
cite="mid:VI1PR0602MB3470026FB0239CED24F9B2B9BD690@VI1PR0602MB3470.eurprd06.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#666666;font-family:Tahoma,Geneva,sans-serif;"
dir="ltr">
<p>Hello!</p>
<p><br>
</p>
<p>Thanks for the response.</p>
<p>I was thinking of setting the duration fo the certificate to
infinite,</p>
<p>i.e. the Validity period set to infinite.</p>
<p>Because in the information I have, the only possibility is to
set the duration (in days) with the command, but the command
doesn't allow to put other value rather an integer.</p>
<p><br>
</p>
<p>Thanks again</p>
<p><br>
</p>
<p><br>
</p>
<div id="Signature"><font color="#2672ec" size="3"><b><i>Alejandro
J Pulido Duque</i></b></font>
</div>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
color="#000000" face="Calibri, sans-serif"><b>De:</b> Robert
Moskowitz <a class="moz-txt-link-rfc2396E" href="mailto:rgm@htt-consult.com"><rgm@htt-consult.com></a><br>
<b>Enviado:</b> martes, 12 de septiembre de 2017 14:30:20<br>
<b>Para:</b> <a class="moz-txt-link-abbreviated" href="mailto:openssl-users@openssl.org">openssl-users@openssl.org</a>; Alejandro Pulido<br>
<b>Asunto:</b> Re: [openssl-users] Doubt regarding O-SSL and
setting the duration of certificates</font>
<div> </div>
</div>
<div>Depends on the question....<br>
<br>
'Infinite' duration is used in IEEE 802.1AR Device Identities.
The concept is the vendor installs the certificate in read-only
memory. It is expected to be good for the life of the device.<br>
<br>
<div class="moz-cite-prefix">On 09/11/2017 05:32 AM, Alejandro
Pulido wrote:<br>
</div>
<blockquote type="cite"
cite="mid:VI1PR0601MB25769F555BF359B5EDF86DEEBD680@VI1PR0601MB2576.eurprd06.prod.outlook.com">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper" style="color: rgb(102, 102,
102); font-family:
Tahoma,Geneva,sans-serif,'EmojiFont','Apple Color Emoji',
'Segoe UI Emoji', NotoColorEmoji, 'Segoe UI Symbol',
'Android Emoji', EmojiSymbols; font-size: 12pt;" dir="ltr">
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma">Dear team of OpenSSL,</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma"> </font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma">First of all,
congratulations for your invaluable work!</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma"> </font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma">I have a question
regarding the issue of certificates X.509 with infinite
duration and I don't know where to submit it.</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma"> </font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma">Please, could you help me?</font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma"> </font></div>
<div style="margin-top: 0px; margin-bottom: 0px;"><font
style="font-family: Tahoma,serif,"EmojiFont";"
color="#666666" face="Tahoma">Thank you very much and
kind regards</font></div>
<p><br>
</p>
<p><br>
</p>
<div id="Signature"><font color="#2672ec" size="3"><b><i>Alejandro
J Pulido Duque</i></b></font>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</div>
</blockquote>
<br>
</body>
</html>