On 22/12/2014 13:57, Dave Thompson wrote: > > At least for now; there is another thread started just a few days ago > about all PEM formats used by OpenSSL suggesting the traditional > privatekey forms are obsolete and maybe should be deleted! Please don't do that until 5+ years after 0.9.8 end-of-life. Because private keyswritten by 0.9.8 to securely stored offline media will be using the old formatand need to be usable down the line. Most certificates expire after 5 years orless though a few private keys may be needed much later: 1. Decryption certificates/keys may be needed to decrypt data long after the certificateexpired (in fact, as long as the data remains relevant, think 30+ years for mortgagecontracts, 50+ years for life insurance, and 140+ years for copyright disputes). 2. A few certs (e.g. CA roots and Android developer certs) have very long (30+ years)certificate lifetimes, but those tend to be used regularly over that period, givingplenty of opportunity to convert the private key files. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141222/a96f2ed7/attachment.html>
