(bug?) Revoked keys and past signatures

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Feb 11 21:22:36 CET 2015

On Tue 2015-02-10 18:24:19 -0500, Daniel Kahn Gillmor wrote:
> It sounds to me like you're asking for the standard to separate out
> "signature creation time" from "signature validity start time".
> This is an interesting proposal, and i can see why it would make sense
> for this scenario.
> I can also see it introducing a lot of subtle bugs in what is already a
> very nuanced and subtle area (certificate timestamp checking; not just
> in OpenPGP either -- the ongoing x.509 discussions about overlapping
> windows of certificate validity).

For reference, X.509 does not provide the signing time at all, but has
notBefore and notAfter fields.  Other signed objects that use CMS can
potentially have all three, which is potentially confusing:


  X.509 public key certificates do not specify the time of signature
  generation, but do specify a validity period using the notBefore and
  notAfter fields. For each of the X.509 certificates, the notBefore
  time in the certificate should be used as the digital signature
  generation date.

  The digital signatures on the CHUID, biometric, and security object
  are all encoded as Cryptographic Message Syntax (CMS) external digital
  signatures, as defined in RFC 3852. RFC 3852 defines the signingTime
  attribute, which specifies the time at which the signer (purportedly)
  performed the signing process. If present in a particular object
  (i.e., the CHUID, biometric, or security object), the signingTime
  attribute should be used as the signature generation time. For any
  object that omits the signingTime attribute, the notBefore time
  encoded in the corresponding PIV Authentication certificate should be
  used as the signature generation time.

(the above is slightly out of date, and should reference
https://tools.ietf.org/html/rfc5652#section-11.3 instead of RFC 3852)
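The rule quoted above (use the CMS signingTime when the SignerInfo carries one, otherwise fall back to the notBefore of the PIV Authentication certificate) is easy to state and easy to get subtly wrong, because it mixes RFC 5652 UTCTime/GeneralizedTime encoding rules with X.509 validity windows. The following is an added example, not code from the message, from GnuPG or from the NIST document; it hand-rolls a minimal DER encoder/decoder, constructs a signedAttrs SET and a certificate Validity SEQUENCE inline (these are assumed to have been isolated from a real SignerInfo and Certificate already; a full CMS/X.509 parser is out of scope), applies the fallback rule, and reports whether the resulting "generation time" falls inside the certificate's window. Function names such as `signature_generation_time` and `build_signed_attrs` are this example's own.

```python
# Added example (not from the original message, GnuPG or NIST): resolve the
# "signature generation time" of a CMS-signed object per the rule quoted above,
# i.e. RFC 5652 signingTime if present, otherwise the X.509 notBefore.
# All DER below is constructed here; no real PIV objects are involved.
from datetime import datetime, timezone

ID_SIGNING_TIME = "1.2.840.113549.1.9.5"   # id-signingTime, RFC 5652 section 11.3

def utc(y, mo, d, h=0, mi=0, s=0):
    return datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc)

# ---- minimal DER helpers (short-form lengths only; all values here are < 128 bytes)
def der(tag, content):
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                              # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return der(0x06, bytes(body))

def der_time(dt):
    """UTCTime for 1950-2049, GeneralizedTime otherwise (RFC 5652 11.3, RFC 5280 4.1.2.5)."""
    if 1950 <= dt.year <= 2049:
        return der(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())
    return der(0x18, dt.strftime("%Y%m%d%H%M%SZ").encode())

def der_children(buf):
    """Split a DER buffer into its top-level (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:                       # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def decode_oid(value):
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def decode_time(tag, value):
    s = value.decode("ascii")
    if not s.endswith("Z"):
        raise ValueError("DER requires UTC ('Z') times")
    if tag == 0x17:                             # UTCTime YYMMDDHHMMSSZ; YY>=50 -> 19YY else 20YY
        yy = int(s[:2])
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), s[2:-1]
    elif tag == 0x18:                           # GeneralizedTime YYYYMMDDHHMMSSZ
        year, rest = int(s[:4]), s[4:-1]
    else:
        raise ValueError(f"unexpected tag {tag:#x} for a time value")
    mo, d, h, mi, sec = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return utc(year, mo, d, h, mi, sec)

# ---- the three timestamps ---------------------------------------------------
def build_signed_attrs(signing_time):
    """Constructed signedAttrs holding only a signingTime Attribute. SET form (0x31) is
    used; inside a SignerInfo the same bytes carry the [0] IMPLICIT tag (0xA0)."""
    attr = der(0x30, der_oid(ID_SIGNING_TIME) + der(0x31, der_time(signing_time)))
    return der(0x31, attr)

def build_validity(not_before, not_after):
    """Constructed X.509 Validity ::= SEQUENCE { notBefore, notAfter }."""
    return der(0x30, der_time(not_before) + der_time(not_after))

def cms_signing_time(signed_attrs):
    """signingTime from a signedAttrs SET OF Attribute, or None when absent."""
    (_, attrs), = der_children(signed_attrs)
    for _, attr in der_children(attrs):         # Attribute ::= SEQUENCE { type OID, values SET }
        (_, oid), (_, values) = der_children(attr)
        if decode_oid(oid) == ID_SIGNING_TIME:
            t_tag, t_val = der_children(values)[0]
            return decode_time(t_tag, t_val)
    return None

def x509_validity(validity):
    (_, body), = der_children(validity)
    (nb_tag, nb), (na_tag, na) = der_children(body)
    return decode_time(nb_tag, nb), decode_time(na_tag, na)

def signature_generation_time(signed_attrs, validity):
    """Apply the quoted rule; also report whether the chosen time lies in the cert window.
    signingTime is only the signer's claim, so a value outside the window is a red flag."""
    not_before, not_after = x509_validity(validity)
    t = cms_signing_time(signed_attrs) if signed_attrs is not None else None
    source = "notBefore" if t is None else "signingTime"
    if t is None:
        t = not_before
    return t, source, not_before <= t <= not_after

if __name__ == "__main__":
    validity = build_validity(utc(2014, 1, 1), utc(2017, 1, 1))
    attrs = build_signed_attrs(utc(2015, 2, 11, 20, 22, 36))   # constructed: this mail's date, UTC
    print(signature_generation_time(attrs, validity))          # signingTime, inside window
    print(signature_generation_time(None, validity))           # falls back to notBefore
    print(signature_generation_time(build_signed_attrs(utc(2050, 1, 1)), validity))  # GeneralizedTime, outside
```

The third call shows the encoding edge the RFCs impose: a signingTime in 2050 must be a GeneralizedTime, and a decoder that only handles UTCTime will misread or reject it. The boolean in the result is the check a verifier wants in practice; since signingTime is asserted by the signer, a generation time that the certificate's own notBefore/notAfter window cannot contain should not be accepted at face value.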