[Cscwg-public] Follow-up on Time-stamp Authority Items

Ian McMillan ianmcm at microsoft.com
Thu Jan 13 18:02:14 UTC 2022


Hi Folks,

I followed up to make sure we have the behavior for Windows understood. WVT (WinVerifyTrust) will do revocation checking for the TSA cert and if timestamped with that TSA, and it will consider the signature as invalid even if the signing cert is still valid at the time of checking. Corey's point about the broad usage leads to larger impact in the revocation scenario does play a large factor and why I would like to see the TSA entity certificate max validity come down to 15 months, and we remove the rekey requirement.

Thanks,
Ian

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Corey Bonnell via Cscwg-public
Sent: Thursday, January 6, 2022 11:40 AM
To: Bruce Morton <bruce.morton at entrust.com>; cscwg-public at cabforum.org
Subject: [EXTERNAL] Re: [Cscwg-public] Follow-up on Time-stamp Authority Items

Hi Bruce,
Comments inline.

> I did reach out to Oracle about revocation and time-stamping. The answer was that a signature is not trusted after the Code Signing certificate has expired or has been revoked. As such, even if the signature was time-stamped it would not be trusted if the Code Signing certificate is revoked or expired.

This is great to know, thank you for confirming with Oracle and sharing with the group.

> QUESTION - Why do we need to change the TSA private key with 15 months if the private key is protected the same way as a CA key (i.e., FIPS 140-2 Level 3 and NetSec)?

To the best of my knowledge, Authenticode does not perform any revocation checking for the TSA certificate chain (even for the end-entity). This means that if the Private Key corresponding to a TSA were compromised, then it would be possible to forge timestamp tokens to any date within the validity period of the TSA certificate. If such a compromise were to occur, I imagine the only mitigation is for RP software (i.e., Windows) to blocklist the TSA Public Key, thus rendering all timestamp tokens signed by that key invalid. If that TSA Key Pair were in use for a long time (more than 15 months), then more signed application code would be negatively affected than would be if the TSA key were regularly rotated. Thus, mandating key rotation limits the ecosystem impact of such a key compromise.

Ian, does this match your understanding?

Thanks,
Corey

From: Cscwg-public <cscwg-public-bounces at cabforum.org<mailto:cscwg-public-bounces at cabforum.org>> On Behalf Of Bruce Morton via Cscwg-public
Sent: Friday, December 17, 2021 1:21 PM
To: cscwg-public at cabforum.org<mailto:cscwg-public at cabforum.org>
Subject: [Cscwg-public] Follow-up on Time-stamp Authority Items

TSA Certificate Validity Period

  *   I did reach out to Oracle about revocation and time-stamping. The answer was that a signature is not trusted after the Code Signing certificate has expired or has been revoked. As such, even if the signature was time-stamped it would not be trusted if the Code Signing certificate is revoked or expired.


TSA Rekey every 15 months

  *   CSBR 9.4 states, "The Timestamp Authority MUST use a new Timestamp Certificate with a new private key no later than every 15 months to minimize the impact to users in the event that a Timestamp Certificate's private key is compromised. The validity for a Timestamp Certificate must not exceed 135 months. The Timestamp Certificate MUST meet the "Minimum Cryptographic Algorithm and Key Size Requirements" in Appendix A for the communicated time period."
  *   CSBR 16.1 (2) states, "A Timestamp Authority MUST protect its signing key using a process that is at least to FIPS 140-2 Level 3, Common Criteria EAL 4+ (ALC_FLR.2), or higher. The CA MUST protect its signing operations in accordance with the CA/Browser Forum's Network Security Guidelines. Any changes to its signing process MUST be an auditable event."
  *   QUESTION - Why do we need to change the TSA private key with 15 months if the private key is protected the same way as a CA key (i.e., FIPS 140-2 Level 3 and NetSec)?
  *   The discussion on the call is that a TSA certificate is a leaf certificate, but since the key is managed the same as a Subordinate CA it seems to be more like a CA certificate.

Open for comments.


Thanks, Bruce.
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220113/ba12d756/attachment.html>


More information about the Cscwg-public mailing list