[cryptography] airgaps in CAs
pgut001 at cs.auckland.ac.nz
Mon Dec 12 22:47:32 EST 2011
Arshad Noor <arshad.noor at strongauth.com> writes:
>A TSA is not a CA; it is just another end-entity whose certificate can be
>revoked, if necessary. This does not necessarily invalidate the signed
>time-stamps it issued before the revocation date (unless the TSA's CP
>indicates another interpretation). I'm not sure where the "irrevocable cert"
>for a TSA comes from.
If a TSA timestamps signatures (whose certs have long since expired, so it's
only the timestamp that's keeping the signature valid), and it's discovered
that there was a problem one or more years ago (as there has been for some CA
compromises) then you'd need to issue a backdated revocation in order to catch
the compromise, since using a revocation date of "now" won't revoke all the
malware that's been signed/timestamped. Since backdating the TSA cert
revocation would potentially brick hundreds of millions of machines when their
signed device drivers and other binaries fail to validate, you can't afford to
do it. The TSA cert is therefore irrevocable (or at least you can't revoke it
in a manner that makes it effective against signed malware).
More information about the cryptography