[cryptography] airgaps in CAs

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Dec 12 22:47:32 EST 2011

Arshad Noor <arshad.noor at strongauth.com> writes:

>A TSA is not a CA; it is just another end-entity whose certificate can be 
>revoked, if necessary. This does not necessarily invalidate the signed 
>time-stamps it issued before the revocation date (unless the TSA's CP 
>indicates another interpretation). I'm not sure where the "irrevocable cert" 
>for a TSA comes from.

If a TSA timestamps signatures (whose certs have long since expired, so it's 
only the timestamp that's keeping the signature valid), and it's discovered 
that there was a problem one or more years ago (as there has been for some CA 
compromises) then you'd need to issue a backdated revocation in order to catch 
the compromise, since using a revocation date of "now" won't revoke all the 
malware that's been signed/timestamped.  Since backdating the TSA cert 
revocation would potentially brick hundreds of millions of machines when their 
signed device drivers and other binaries fail to validate, you can't afford to 
do it.  The TSA cert is therefore irrevocable (or at least you can't revoke it
in a manner that makes it effective against signed malware).


More information about the cryptography mailing list