What does 'openssl ts -verify' verify exactly?
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Feb 16 19:49:07 UTC 2021
> On Feb 16, 2021, at 1:34 PM, Hubert Kario <hkario at redhat.com> wrote:
>
> the whole problem is that if you trust the date in the timestamp as the date the timestamp was created, attacker can compromise the TSA key years after
> it was last used and then create timestamps that look like they have been
> created while the TSA key was still valid
Timestamps can only be deemed authentic if they are part of a Merkle
chain that validates all past timestamps signed with a *currently*
still trusted key. The trusted key can change from time to time,
but the Merkle chain needs to be append-only.
Once a given Merkle chain is abandoned, and no longer has an active
signer attesting to the validity of long-ago events, at some point
it becomes impossible to say anything meaningful about the integrity
of past signatures.
--
Viktor.
More information about the openssl-users
mailing list