On 12/12/2011 07:47 PM, Peter Gutmann wrote:
If a TSA timestamps signatures (whose certs have long since expired, so it's only the timestamp that's keeping the signature valid), and it's discovered that there was a problem one or more years ago (as there has been for some CA compromises) then you'd need to issue a backdated revocation in order to catch the compromise, since using a revocation date of "now" won't revoke all the malware that's been signed/timestamped. Since backdating the TSA cert revocation would potentially brick hundreds of millions of machines when their signed device drivers and other binaries fail to validate, you can't afford to do it. The TSA cert is therefore irrevocable (or at least you can't revoke it in a manner that makes it effective against signed malware).
A TSA time-stamp on an object merely attests that the object existed in a given state, at a specific time. If the TSA's policy allows for interpreting more into the time-stamp other than what's described above, then that's a different matter (I could be wrong, but I honestly doubt that TSAs will accept more liability than what's described above for their time-stamps). In the case of signed software, whether the signature includes a TSA's time-stamp or not, the most assurance an RP should assume from the signature, is that the software was signed with some private-key that corresponds to the verifying key, and that the software was not modified since the signature was affixed. If the RP (or OS/driver vendor) finds out that the CA which issued the driver-signing cert was compromised some months/years ago, the driver vendor would be best advised to release a patch immediately, with a new signature using a new certificate from a new CA, a new time-stamp from a TSA, and update their old driver regardless of the revocation status of the old CA, the TSA, or the status of their old signing key. Prudent businesses will not wait to do so. Arshad Noor StrongAuth, Inc. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
