….and I assume the revocation can’t be back-dated? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hamandcheese on May 24, 2022 \| parent \| context \| favorite \| on: Zoom: Remote Code Execution with XMPP Stanza Smugg... ….and I assume the revocation can’t be back-dated?

ComputerGuru on May 24, 2022 [–]

timestamps must come from a globally recognized signed source, like digicert or verisign.

iancarroll on May 24, 2022 | [–]

The CA could backdate the CRL’s revocation timestamp if they wanted, but it seems unlikely and presumably it’s not allowed.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact