So instead of trying to conform to the X.509 spec, MS should have just developed their own certificate validation scheme, because that would totally be less of a "footgun" than conforming to the spec.
Am I getting this right?
Why aren't we blaming the people behind RFC 5280? After all, it was them who came up with this awful idea that certificates should expire.
>giant footgun
Oh dear god, how are you generating your certificates? This is not a footgun unless you are doing something immeasurably stupid before even involving MS products.
Besides, if you insist on going ahead and setting the Not After field, wouldn't it be a bigger footgun to ignore that?
However, I'd argue that disregarding the Validity section would be an unusually big departure from the spec, not comparable to the typical silliness surrounding X.509.