What does 'openssl ts -verify' verify exactly?

Viktor Dukhovni openssl-users at dukhovni.org
Tue Feb 16 19:49:07 UTC 2021


> On Feb 16, 2021, at 1:34 PM, Hubert Kario <hkario at redhat.com> wrote:
> 
> the whole problem is that if you trust the date in the timestamp as the date
> the timestamp was created, an attacker can compromise the TSA key years after
> it was last used and then create timestamps that look like they were
> created while the TSA key was still valid

Timestamps can only be deemed authentic if they are part of a Merkle
chain that validates all past timestamps signed with a *currently*
still trusted key.  The trusted key can change from time to time,
but the Merkle chain needs to be append-only.

Once a given Merkle chain is abandoned, and no longer has an active
signer attesting to the validity of long-ago events, at some point
it becomes impossible to say anything meaningful about the integrity
of past signatures.

-- 
	Viktor.
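An added illustration of the append-only Merkle chain Viktor describes, written for this page rather than taken from OpenSSL or from any RFC 3161 TSA. It assumes the RFC 6962 tree layout (split at the largest power of two below n) and, so that it runs on the standard library alone, uses HMAC-SHA256 as a stand-in for the signer's public-key signature over the log head; the keys, digests and dates are constructed. A token is accepted only if its leaf has an inclusion path to a head attested by a key trusted now, so a stolen retired key cannot back-date anything, and editing a leaf breaks its path:

```python
# Append-only Merkle log of timestamp tokens whose head is attested by the
# currently trusted key. Added example, not OpenSSL code. Assumptions: RFC 6962
# tree shape; HMAC-SHA256 stands in for the TSA signature; all data constructed.
import hashlib
import hmac
import json
from typing import Dict, List, Tuple


def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()   # leaf/node domain separation


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    k = 1                                 # largest power of two strictly below n
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(hashes: List[bytes]) -> bytes:
    if not hashes:
        return hashlib.sha256(b"").digest()
    if len(hashes) == 1:
        return hashes[0]
    k = _split(len(hashes))
    return node_hash(merkle_root(hashes[:k]), merkle_root(hashes[k:]))


def audit_path(hashes: List[bytes], index: int) -> List[Tuple[str, bytes]]:
    # Sibling hashes from leaf to root, each tagged with the side it sits on.
    if len(hashes) <= 1:
        return []
    k = _split(len(hashes))
    if index < k:
        return audit_path(hashes[:k], index) + [("R", merkle_root(hashes[k:]))]
    return audit_path(hashes[k:], index - k) + [("L", merkle_root(hashes[:k]))]


def root_from_path(leaf: bytes, path: List[Tuple[str, bytes]]) -> bytes:
    h = leaf
    for side, sibling in path:
        h = node_hash(h, sibling) if side == "R" else node_hash(sibling, h)
    return h


class TimestampLog:
    """TSA side: tokens are appended, never edited; the head is re-attested."""

    def __init__(self) -> None:
        self.tokens: List[bytes] = []

    def issue(self, digest_hex: str, gen_time: str) -> Tuple[int, bytes]:
        token = json.dumps({"digest": digest_hex, "genTime": gen_time},
                           sort_keys=True).encode()
        self.tokens.append(token)
        return len(self.tokens) - 1, token

    def checkpoint(self, key_id: str, key: bytes) -> dict:
        # The *current* key attests every leaf issued so far, old ones included.
        root = merkle_root([leaf_hash(t) for t in self.tokens])
        size = len(self.tokens)
        mac = hmac.new(key, size.to_bytes(8, "big") + root, "sha256").digest()
        return {"size": size, "root": root, "key_id": key_id, "sig": mac}

    def proof(self, index: int) -> List[Tuple[str, bytes]]:
        return audit_path([leaf_hash(t) for t in self.tokens], index)


def verify_token(token: bytes, index: int, path: List[Tuple[str, bytes]],
                 checkpoint: dict, trusted_keys: Dict[str, bytes]) -> bool:
    """Relying party: trust the chain head, not the date inside the token."""
    key = trusted_keys.get(checkpoint["key_id"])
    if key is None:
        return False                      # signer not (or no longer) trusted
    msg = checkpoint["size"].to_bytes(8, "big") + checkpoint["root"]
    if not hmac.compare_digest(hmac.new(key, msg, "sha256").digest(),
                               checkpoint["sig"]):
        return False
    if not 0 <= index < checkpoint["size"]:
        return False
    return hmac.compare_digest(root_from_path(leaf_hash(token), path),
                               checkpoint["root"])


def demo() -> Dict[str, bool]:
    """Constructed scenario: k1 issued early tokens, the TSA rotated to k2,
    then k1 leaked and is used to forge a back-dated token."""
    log = TimestampLog()
    k1, k2 = b"tsa-key-2018", b"tsa-key-2021"
    idx_old, tok_old = log.issue("aa" * 32, "20180301120000Z")
    log.issue("bb" * 32, "20190301120000Z")
    log.issue("cc" * 32, "20210216190000Z")
    head = log.checkpoint("k2", k2)       # k2 re-attests all three leaves
    trusted = {"k2": k2}                  # k1 retired from the trust store
    genuine = verify_token(tok_old, idx_old, log.proof(idx_old), head, trusted)
    rogue = TimestampLog()                # attacker's own chain under stolen k1
    _, forged = rogue.issue("dd" * 32, "20180301120000Z")
    backdated = verify_token(forged, 0, rogue.proof(0),
                             rogue.checkpoint("k1", k1), trusted)
    tampered = verify_token(tok_old.replace(b"2018", b"2017"), idx_old,
                            log.proof(idx_old), head, trusted)
    return {"genuine": genuine, "backdated": backdated, "tampered": tampered}


if __name__ == "__main__":
    print(demo())   # {'genuine': True, 'backdated': False, 'tampered': False}
```

The verifier never looks at `genTime` to decide authenticity; the date is only meaningful once the leaf is shown to sit in a chain whose head a currently trusted key vouches for. Once no active key re-attests the head, `trusted_keys` is empty for that chain and every historical token becomes unverifiable, which is the abandonment case in the message above.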


