Public Key Woes

[urda]

Just saw the following notice:

The public key certificate used to verify beacon records expired on 7 May, 2017. However, the beacon remains operational and continues to sign messages with the same private key. Users may continue to use the expired certificate to verify records until we publish a new self-signed certificate in the near future.

---

Related Issues Tracking

• Integration Testing is Failing #22
  • The integration testing that signaled these problems
• Create tests to give insight into signatureValue changes #26
  • A GitHub issue to track building some type of tests / detection around this expired certificate.

[urda]

A few thoughts:

• If there is a way to verify signatures, and ignore the expired date on the public certificate, we should handle that case and still turn out verified records.
• If we cannot ignore the expired date, we will need to do something like:
  • Ignore verification all together and treat all records after the expire date invalid (most correct, but most problematic)
  • Bypass verification (seems very incorrect, completely bypasses proper record verification)
  • Ignore verification, add some type of indicator that it's possibly due to expired certificate (seems like a decent compromise)

[urda]

Actually it looks like the public certificate is not at fault here. Closing this issue.