Mads Toftum wrote:
> Does that make sense? If I were to compromise a cert at some point in time,
> there would be nothing (except timestamping) that would keep me from
> signing something as if it had been signed in the past.
>
> And the shortcut here would be timestamping - handled by someone else
> that stores the original signature along with the timestamp. It would
> probably make sense for the time stamping authority to check the validity
> of the signers cert via OCSP or something similar.
The ETSI Electronic Signature Format (described in ETSI ES 201 733),
also published as an Internet Draft by ietf-smime (Electronic Signature
Formats for long term electronic signatures) for future publication as
an RFC goes into timestamping and path validation procedures for "adding
value" to electronic signatures.
The following figure (nicked from the id) illustrates one of the
proposed data types, ES-C (Electronic Signature with Complete validation
data):
+------------------------------------------------------------ES-C-----+
|+--------------------------------------------ES-T-----+ |
||+------Elect.Signature (ES)----------+ +------------+| +-----------+|
|||+---------+ +----------+ +---------+| |Timestamp || |Complete ||
||||Signature| | Other | | Digital || |over digital|| |certificate||
||||Policy ID| | Signed | |Signature|| |signature || |and ||
|||| | |Attributes| | || +------------+| |revocation ||
|||+---------+ +----------+ +---------+| | |references ||
||+------------------------------------+ | +-----------+|
|+-----------------------------------------------------+ |
+---------------------------------------------------------------------+
S/MIME Cryptographic Signature
