I wonder why there is no timestamping used on the binaries.
If I sign a binary with Authenticode on Windows and I use a timestamp server, Windows still considers the binary signature valid, even if the certificate expired because it can verify that at the time of signing the certificate was valid.
If you don't use a timestamp server when signing the binary, after certificate expiration the binary is considered invalid.
If I sign a binary with Authenticode on Windows and I use a timestamp server, Windows still considers the binary signature valid, even if the certificate expired because it can verify that at the time of signing the certificate was valid.
If you don't use a timestamp server when signing the binary, after certificate expiration the binary is considered invalid.