[kazinator]

That just means that the timestamps have their own certification mechanism which is independent of the certificate on the file. That certification mechanism also has expiring keys. The attacker uses the cracked 2005 stamping key to stamp the file and the cracked certificate to sign it.

(If you could certify a timestamp forever, in a non-expiring, uncrackable way, why wouldn't you just use that for the whole file?)

[cba9]

> The attacker uses the cracked 2005 stamping key to stamp the file and the cracked certificate to sign it.

OK, so you don't actually understand how cryptographic timestamping works or the Bitcoin version. Please read up on it before commenting.

> If you could certify a timestamp forever, in a non-expiring, uncrackable way, why wouldn't you just use that for the whole file?

What you are timestamping is the whole file!

[kazinator]

Sorry, I mean something like "for the whole aspect of certifying the file, not just its time stamp".

(Of course the time stamp is for the whole file; not just for a subrange of bytes or whatever; if anything is altered, then the timestamp doesn't hold for the altered object.)