Timestamping is recommended as the way to prolong signature validity after its certificate expiration date. One just need to add new timestamp signature before previous timestamp is expired. But what's the purpose of introducing special kind of signature if you still can do the same with main signature resigning data with fresh certificate while the last is alive?
Asked
Active
Viewed 263 times
1 Answers
3
Timestamping is a special kind of signature already.
TS = Sign(Hash(info | X) | time)
The renewal is :
TS' = Sign(Hash(TS | info) | time)
Of course, you could sign the original info with the new certificate and not using this technique. But this sometimes might not be possible or practical. For example when dealing with a contract, you would want to prolong the validity without having the party to meet again. Furthermore, the timestamping prolongation also ensures that the content of the original document remains the same during the procedure.
See source
M'vy
- 13,033
- 3
- 47
- 69
-
By 'special kind of signature' I meant exactly Timestamping. Why with a contract would be necessary some meeting for code signing, but not for timestamping? Content invariability looks possible to be confirm with code sign chaining also. – SerG Apr 18 '16 at 13:50
-
1Cause contract would be signed by both party. Timestamp chaining only involves the Timestamping authority. Furthermore, with TS chain you don't have to check the content of the file to actually be sure they are the same. You just verify the hash/sign matches. – M'vy Apr 18 '16 at 14:02
-
What's wrong with just using hash (without recalculation) from previous sign while its cert is still valid? – SerG Apr 18 '16 at 14:07
-
1That is what TS chaining is doing. – M'vy Apr 18 '16 at 14:38