Certificate Expiration

I received this "Allegory for Certificate Expiration" from a friend:  "A
pilot is bringing in a 747 full of passengers for a landing. Suddenly his
controls freeze. Some small computer in the plane notices that his license
has just expired.

"Too often software that reads certificate expiration dates works like this."

I understand that a similar thing happened during an electronic commerce
demonstration.  This demo was a big deal, with big financial institutions,
big corporations, and big government players involved.  The system had
been tested for weeks in the classic mode, with many engineers from each of
the players standing around watching the programs do their thing.

Finally, the time came to do the first real payment, i.e., the payor
actually owed the payee the money that was being transferred.  The
engineers were joined by managers, and other interested parties, and the
payment order was sent into the system.  However, that day the payor's
certificate had expired.  The payment was rejected!  With everyone standing
around, a new certificate was swiftly generated, and the demonstration went

The moral of this story is that when we build these systems, certificate
expiration is a failure mode.  It is one that will happen.  It will have to
be dealt with gracefully, or the system will not be accepted by its users.
Systems will have to be designed to avoid placing people in danger due to
certificate expiration.  There will need to be good diagnostics so users
will know which certificate(s) expired, and how to get it renewed.  It will
be important to warn people that they are using certificates which are
about to expire.  The social systems people need to navigate to get
certificates renewed should not leave unpleasant memories.
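The last paragraph asks for a validity check that fails gracefully: it should name the certificate that expired, warn ahead of time about certificates that are about to expire, and leave the caller with enough information to act. The following is an added example, not code from the original post, showing that shape of check. It assumes certificates have already been parsed into plain records (subject, notBefore, notAfter) and that chain building and signature verification happen elsewhere; the sample chain and the clock value are constructed for the example.

```python
"""Validity-period diagnostics for a certificate chain (added example).

Rather than a bare accept/reject, the check reports one finding per
certificate so a user can see *which* certificate expired or is about to,
and when.  Parsing X.509 and verifying signatures are assumed to happen
elsewhere; the records below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class CertInfo:
    subject: str          # human-readable name used in diagnostics
    not_before: datetime  # start of validity period (timezone-aware)
    not_after: datetime   # end of validity period (timezone-aware)


@dataclass(frozen=True)
class Finding:
    subject: str
    status: str   # "valid" | "expiring" | "expired" | "not_yet_valid"
    message: str  # text suitable for showing to the user


@dataclass(frozen=True)
class ChainResult:
    accepted: bool
    findings: tuple  # one Finding per certificate, in chain order


def check_chain(chain, now, warn_within=timedelta(days=30)):
    """Evaluate every certificate's validity period against `now`.

    The chain is rejected if any certificate is expired or not yet valid.
    Certificates that expire within `warn_within` are still accepted but
    produce a warning so renewal can be scheduled before the cut-off.
    """
    findings = []
    accepted = True
    for cert in chain:
        if now < cert.not_before:
            accepted = False
            findings.append(Finding(
                cert.subject, "not_yet_valid",
                f"'{cert.subject}' is not valid until "
                f"{cert.not_before.isoformat()} (check the system clock)"))
        elif now > cert.not_after:
            accepted = False
            overdue = (now - cert.not_after).days
            findings.append(Finding(
                cert.subject, "expired",
                f"'{cert.subject}' expired on {cert.not_after.isoformat()} "
                f"({overdue} day(s) ago); renew it and retry"))
        elif cert.not_after - now <= warn_within:
            days_left = (cert.not_after - now).days
            findings.append(Finding(
                cert.subject, "expiring",
                f"'{cert.subject}' expires in {days_left} day(s), on "
                f"{cert.not_after.isoformat()}; renew it before then"))
        else:
            findings.append(Finding(
                cert.subject, "valid",
                f"'{cert.subject}' is valid until {cert.not_after.isoformat()}"))
    return ChainResult(accepted, tuple(findings))


# Constructed sample chain, leaf first: the payor's certificate expired
# yesterday, the intermediate has ten days left, the root is fine.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_CHAIN = (
    CertInfo("payor leaf",
             datetime(2023, 6, 1, 12, 0, tzinfo=timezone.utc),
             datetime(2024, 5, 31, 12, 0, tzinfo=timezone.utc)),
    CertInfo("demo intermediate CA",
             datetime(2022, 1, 1, 0, 0, tzinfo=timezone.utc),
             datetime(2024, 6, 11, 12, 0, tzinfo=timezone.utc)),
    CertInfo("demo root CA",
             datetime(2020, 1, 1, 0, 0, tzinfo=timezone.utc),
             datetime(2040, 1, 1, 0, 0, tzinfo=timezone.utc)),
)


def statuses(result):
    """Map subject -> status, a convenient summary of a ChainResult."""
    return {f.subject: f.status for f in result.findings}


if __name__ == "__main__":
    result = check_chain(SAMPLE_CHAIN, NOW)
    print("accepted:", result.accepted)
    for f in result.findings:
        print(f"  [{f.status}] {f.message}")
```

Running it against the sample chain rejects the payment, as in the anecdote, but the output names the payor's certificate as the expired one and separately warns that the intermediate CA needs renewal within ten days. Calling `check_chain` with `warn_within` set to the renewal lead time of the organisation gives users the advance warning the text asks for; a real deployment would draw `now` from a trusted clock and pass `CertInfo` records built from parsed X.509 data.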

