author: Phil Pennock <pdp@exim.org> 2012-07-12 15:42:08 -0700
committer: Phil Pennock <pdp@exim.org> 2012-07-12 15:42:08 -0700
commit: 1dec42400b8243809625f0e18e0aa626ee708e16
tree: 6823da095d3ec4d680b05f87544f2bb13ce79a2b /doc
parent: c1c469dbe99c0521df4dff0eb057622416886fae
Doc note re 9999 days & 32bit time (SSL certs)
Thanks to Jay Rouman for highlighting that there can be rollover. I have chosen *not* to reduce the duration, but to leave it and instead provoke thought on the part of those deploying systems, if this bites them.
Diffstat (limited to 'doc')
-rw-r--r--  doc/doc-docbook/spec.xfpt  18
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 579c112c9..140d8f993 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -25866,6 +25866,8 @@ install if the receiving end is a client MUA that can interact with a user.
.cindex "certificate" "self-signed"
You can create a self-signed certificate using the &'req'& command provided
with OpenSSL, like this:
+. ==== Do not shorten the duration here without reading and considering
+. ==== the text below. Please leave it at 9999 days.
.code
openssl req -x509 -newkey rsa:1024 -keyout file1 -out file2 \
-days 9999 -nodes
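Review bot: while this hunk touches the example command, the key size in the unchanged context line `openssl req -x509 -newkey rsa:1024 ...` is worth revisiting in the same change; the added xfpt comment only pins the `-days 9999` value, and since this is the command readers will copy, consider updating it to a stronger modulus (e.g. rsa:2048) when the `-days` note is added, or at least mention in the comment that the key size, unlike the duration, is fine to change.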
@@ -25878,6 +25880,22 @@ that you are prompted for, and any use that is made of the key causes more
prompting for the passphrase. This is not helpful if you are going to use
this certificate and key in an MTA, where prompting is not possible.
+. ==== I expect to still be working 26 years from now. The less technical
+. ==== debt I create, in terms of storing up trouble for my later years, the
+. ==== happier I will be then. We really have reached the point where we
+. ==== should start, at the very least, provoking thought and making folks
+. ==== pause before proceeding, instead of leaving all the fixes until two
+. ==== years before 2^31 seconds after the 1970 Unix epoch.
+. ==== -pdp, 2012
+NB: we are now past the point where 9999 days takes us past the 32-bit Unix
+epoch. If your system uses unsigned time_t (most do) and is 32-bit, then
+the above command might produce a date in the past. Think carefully about
+the lifetime of the systems you're deploying, and either reduce the duration
+of the certificate or reconsider your platform deployment. (At time of
+writing, reducing the duration is the most likely choice, but the inexorable
+progression of time takes us steadily towards an era where this will not
+be a sensible resolution).
+
A self-signed certificate made in this way is sufficient for testing, and
may be adequate for all your requirements if you are mainly interested in
encrypting transfers, and not in secure identification.
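Review bot: the sentence "If your system uses unsigned time_t (most do) and is 32-bit, then the above command might produce a date in the past" has the signedness backwards: the rollover at 2^31 seconds that the preceding `. ====` comment block describes only happens for a signed 32-bit time_t, whereas an unsigned 32-bit time_t counts up to 2106 and would not wrap in 2039. Suggest "If your system uses a signed 32-bit time_t (most 32-bit systems do), then the above command might produce a date in the past." It would also help readers to state the concrete figure the commit message gives, that 9999 days from 2012 lands after the 2038-01-19 wrap point, so they can judge for themselves whether a shorter `-days` value keeps them clear of it.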