[Cscwg-public] Follow-up on Time-stamp Authority Items

Corey Bonnell Corey.Bonnell at digicert.com
Thu Jan 6 16:39:21 UTC 2022


Hi Bruce,

Comments inline.


> I did reach out to Oracle about revocation and time-stamping. The answer
was that a signature is not trusted after the Code Signing certificate has
expired or has been revoked. As such, even if the signature was time-stamped
it would not be trusted if the Code Signing certificate is revoked or
expired.


This is great to know, thank you for confirming with Oracle and sharing with
the group.


> QUESTION - Why do we need to change the TSA private key within 15 months if
the private key is protected the same way as a CA key (i.e., FIPS 140-2
Level 3 and NetSec)?


To the best of my knowledge, Authenticode does not perform any revocation
checking for the TSA certificate chain (even for the end-entity). This means
that if the Private Key corresponding to a TSA were compromised, then it
would be possible to forge timestamp tokens to any date within the validity
period of the TSA certificate. If such a compromise were to occur, I imagine
the only mitigation is for RP software (i.e., Windows) to blocklist the TSA
Public Key, thus rendering all timestamp tokens signed by that key invalid.
If that TSA Key Pair were in use for a long time (more than 15 months), then
more signed application code would be negatively affected than would be if
the TSA key were regularly rotated. Thus, mandating key rotation limits the
ecosystem impact of such a key compromise.


Ian, does this match your understanding?


Thanks,

Corey


From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Bruce
Morton via Cscwg-public
Sent: Friday, December 17, 2021 1:21 PM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Follow-up on Time-stamp Authority Items


TSA Certificate Validity Period

*	I did reach out to Oracle about revocation and time-stamping. The
answer was that a signature is not trusted after the Code Signing
certificate has expired or has been revoked. As such, even if the signature
was time-stamped it would not be trusted if the Code Signing certificate is
revoked or expired.


TSA Rekey every 15 months

*	CSBR 9.4 states, "The Timestamp Authority MUST use a new Timestamp
Certificate with a new private key no later than every 15 months to minimize
the impact to users in the event that a Timestamp Certificate's private key
is compromised. The validity for a Timestamp Certificate must not exceed 135
months. The Timestamp Certificate MUST meet the "Minimum Cryptographic
Algorithm and Key Size Requirements" in Appendix A for the communicated time
period."
*	CSBR 16.1 (2) states, "A Timestamp Authority MUST protect its
signing key using a process that is at least to FIPS 140-2 Level 3, Common
Criteria EAL 4+ (ALC_FLR.2), or higher. The CA MUST protect its signing
operations in accordance with the CA/Browser Forum's Network Security
Guidelines. Any changes to its signing process MUST be an auditable event."
*	QUESTION - Why do we need to change the TSA private key within 15
months if the private key is protected the same way as a CA key (i.e., FIPS
140-2 Level 3 and NetSec)?
*	The discussion on the call is that a TSA certificate is a leaf
certificate, but since the key is managed the same as a Subordinate CA it
seems to be more like a CA certificate.


Open for comments.


Thanks, Bruce.

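As an added example (not code from this thread, from any CA, or from any relying-party software), a small Python model of the relying-party behaviour Corey describes above: timestamp tokens are checked only against the TSA certificate's validity window and an RP-side key blocklist, with no revocation check on the TSA chain. It then runs a constructed ten-year release schedule under two rotation policies (a single key for the full 135 months versus a new key every 15 months), steals the key in use at month 60, shows that a back-dated token forged with the stolen key verifies, and counts how many legitimate tokens are invalidated once that key is blocklisted. The HMAC-based "signature", the dates, the key names and the monthly schedule are all stand-ins constructed for illustration; a real TSA signs RFC 3161 tokens with its certificate's private key.

```python
# Constructed model of timestamp-token trust at a relying party that does no
# revocation checking on the TSA chain.  Not production code; all dates, key
# names and the signing schedule are made up for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib
import hmac
import secrets


@dataclass(frozen=True)
class TsaCert:
    key_id: str            # stands in for the TSA certificate / its public key
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Token:
    key_id: str            # which TSA key signed the token
    gen_time: datetime     # the time the TSA asserts (RFC 3161 genTime)
    imprint: bytes         # hash of the code signature being timestamped
    sig: bytes             # toy signature over (key_id, gen_time, imprint)


def _sig(secret: bytes, key_id: str, gen_time: datetime, imprint: bytes) -> bytes:
    # Toy stand-in for the TSA signature: an HMAC, so the verifier below must
    # share the secret.  A real token carries a public-key signature instead.
    msg = f"{key_id}|{gen_time.isoformat()}|{imprint.hex()}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


def issue_token(secret: bytes, key_id: str, gen_time: datetime, imprint: bytes) -> Token:
    """Whoever holds `secret` can assert any gen_time; an honest TSA uses now()."""
    return Token(key_id, gen_time, imprint, _sig(secret, key_id, gen_time, imprint))


def verify_token(token: Token, certs: dict, blocklist: set, secrets_by_id: dict):
    """Relying-party logic as Corey describes it: genTime must fall inside the
    TSA cert's validity window and the key must not be blocklisted, but no
    revocation status for the TSA chain is consulted."""
    if token.key_id in blocklist:
        return False, "tsa key blocklisted"
    cert = certs.get(token.key_id)
    if cert is None:
        return False, "unknown tsa key"
    if not (cert.not_before <= token.gen_time <= cert.not_after):
        return False, "genTime outside tsa cert validity"
    expected = _sig(secrets_by_id[token.key_id], token.key_id, token.gen_time, token.imprint)
    if not hmac.compare_digest(expected, token.sig):
        return False, "bad signature"
    return True, "ok"


START = datetime(2020, 1, 1)               # constructed schedule start
MONTHS = 120                               # ten years of one release per month
MONTH = timedelta(days=30)                 # coarse month, good enough here
CERT_VALIDITY = 135 * MONTH                # CSBR 9.4 maximum cert validity


def build_tsa(rotation_months: int):
    """One key per rotation period; each cert runs the full 135 months from the
    key's first use, which CSBR 9.4 permits."""
    certs, secrets_by_id = {}, {}
    for i in range(0, MONTHS, rotation_months):
        kid = f"tsa-key-{i:03d}"
        not_before = START + i * MONTH
        certs[kid] = TsaCert(kid, not_before, not_before + CERT_VALIDITY)
        secrets_by_id[kid] = secrets.token_bytes(32)
    return certs, secrets_by_id


def key_in_use(certs: dict, when: datetime) -> str:
    """The newest key whose cert has started: the one the TSA signs with now."""
    started = [c for c in certs.values() if c.not_before <= when]
    return max(started, key=lambda c: c.not_before).key_id


def simulate(rotation_months: int, compromise_month: int = 60):
    """Sign one release per month, steal the key in use at `compromise_month`,
    check that a back-dated forgery verifies, then blocklist the key and count
    the legitimate tokens that die with it.  Returns (forgery_accepted, fraction_lost)."""
    certs, secrets_by_id = build_tsa(rotation_months)
    tokens = []
    for m in range(MONTHS):
        when = START + m * MONTH
        kid = key_in_use(certs, when)
        imprint = hashlib.sha256(f"release-{m}".encode()).digest()
        tokens.append(issue_token(secrets_by_id[kid], kid, when, imprint))
    stolen = key_in_use(certs, START + compromise_month * MONTH)
    # The attacker dates the token to the start of the cert window, years before
    # the theft; the RP accepts it because the window check is all it performs.
    forged = issue_token(secrets_by_id[stolen], stolen,
                         certs[stolen].not_before + timedelta(days=1), b"\x00" * 32)
    forgery_accepted = verify_token(forged, certs, set(), secrets_by_id)[0]
    blocklist = {stolen}
    lost = sum(1 for t in tokens if not verify_token(t, certs, blocklist, secrets_by_id)[0])
    return forgery_accepted, lost / len(tokens)


if __name__ == "__main__":
    for rotation in (135, 15):
        accepted, fraction = simulate(rotation)
        print(f"rotate every {rotation:3d} months: forgery accepted={accepted}, "
              f"tokens invalidated by blocklisting one key={fraction:.1%}")
```

With a single key for the whole period, blocklisting it after the compromise invalidates every timestamped signature in the model; with a key rotated every 15 months, only the 15 months of tokens signed by the stolen key are lost, which is the ecosystem-impact argument for CSBR 9.4. The forgery is accepted in both cases until the blocklist entry lands, which is why the validity-window check alone is no substitute for rotation.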
