(bug?) Revoked keys and past signatures

[Daniel Kahn Gillmor]

On Tue 2015-02-10 18:24:19 -0500, Daniel Kahn Gillmor wrote:
> It sounds to me like you're asking for the standard to separate out
> "signature creation time" from "signature validity start time".
>
> This is an interesting proposal, and i can see why it would make sense
> for this scenario.
>
> I can also see it introducing a lot of subtle bugs in what is already a
> very nuanced and subtle area (certificate timestamp checking; not just
> in OpenPGP either -- the ongoing x.509 discussions about overlapping
> windows of certificate validity).

For reference, X.509 does not provide the signing time at all, but has
notBefore and notAfter fields.  Other signed objects that use CMS can
potentially have all three, which is potentially confusing:

http://csrc.nist.gov/groups/SNS/piv/npivp/SP80078FAQ.htm

  X.509 public key certificates do not specify the time of signature
  generation, but do specify a validity period using the notBefore and
  notAfter fields. For each of the X.509 certificates, the notBefore
  time in the certificate should be used as the digital signature
  generation date.

  The digital signatures on the CHUID, biometric, and security object
  are all encoded as Cryptographic Message Syntax (CMS) external digital
  signatures, as defined in RFC 3852. RFC 3852 defines the signingTime
  attribute, which specifies the time at which the signer (purportedly)
  performed the signing process. If present in a particular object
  (i.e., the CHUID, biometric, or security object), the signingTime
  attribute should be used as the signature generation time. For any
  object that omits the signingTime attribute, the notBefore time
  encoded in the corresponding PIV Authentication certificate should be
  used as the signature generation time.


(the above is slightly out of date, and should reference
https://tools.ietf.org/html/rfc5652#section-11.3 instead of RFC 3852)


        --dkg