Merge pull request #6 from hannestschofenig/patch-3

Added text about the validity of certificates

draft-ietf-uta-tls13-iot-profile.md

@@ -226,7 +226,20 @@ Contains the DN of the issuing CA.
 
 ### Validity
 
-No maximum validity period is mandated.
+No maximum validity period is mandated. Validity values are expressed as UTCTime
+in notBefore and notAfter fields, as mandated in {{!RFC5280}}. 
+
+In many cases it is necessary to indicate that a certificate does not expire. 
+This is likely to be the case for manufacturer-provisioned certificates.
+RFC 5280 provides a simple solution to convey the fact that a certificate 
+has no well-defined expiration date by setting the notAfter to the 
+GeneralizedTime value of 99991231235959Z.
+
+Some devices might not have a reliable source of time and for those devices it 
+is also advisable to use certificates with no expiration date and to let a 
+device management solution manage the lifetime of all the certificates used by 
+the device. While this approach does not utilize certificates to its widest extent, 
+it is a solution that extends the capabilities offered by a raw public key approach.
 
 ### subjectPublicKeyInfo
 
@@ -306,6 +319,10 @@ A list of open issues can be found at https://github.com/thomas-fossati/draft-tl
 
 This entire document is about security.
 
+# Acknowledgements
+
+We would like to thank Ben Kaduk and John Mattsson. 
+
 # IANA Considerations
 
 IANA is asked to add the Option defined in {{early-data-option}} to the CoAP