What security assurances does Trusted Timestamping based on Cryotography provide?
What are the real-world uses of Trusted Timestamping?
Asked
Active
Viewed 925 times
1 Answers
4
Time stamping is meant to provide a verifiable proof that a given piece of data "existed" at some past date. One widespread time stamping protocol is described in RFC 3161: technically, the TSA (Time Stamping Authority) computes a digital signature on a structure which includes the current date (at the time of signature, as known by the TSA) and a hash value computed over the data which is to be time-stamped. The time stamp is a "proof" in a legal sense as long as there are mechanisms with appropriate legal value that guarantee that the TSA has a correct source for the current date and time, that its private key is properly protected and never used to sign fake time stamp structured, and that the purported TSA public key (used to verify the time stamp) is really the genuine key owned by the TSA. PKI may be involved.
A simple use of time stamping is to establish a proof of anteriority: the digital equivalent of a Soleau envelope. Time stamping is also a critical component of long-term archival of digitally signed data: digital signatures tend to "expire" (because, generically, the validity of a digital signature, as a kind of proof, depends on the continuous exclusive control of the private key by the signer, which is hard to maintain for extended period of times -- thus, certificates have an "end of validity" date). See ERS and CAdES for examples of how time stamping is used in such a context.
Legal frameworks on time stamping vary, depending on the country. In France, there is a state-managed registry for time stamping authorities and systems which can be viewed as a kind of diploma for TSA who "do it right" (in a very French, state-centralized way).
Authenticode can embed time stamps. PDF files can also be time stamped in a way which is already supported by Acrobat Reader, along the PAdES format (a PDF equivalent of CAdES).
Thomas Pornin
- 320,799
- 57
- 780
- 949