by stupidthrottle 2603 days ago
> can be fraudulently constructed for any timestamp value by someone who has the private key for the TSA

Sure. Which is why these are heavily secured and guarded. Just like the keys for any cert, and highly trusted root certs in particular.

Any private/public crypto system can be compromised if the private keys are leaked. Everyone knows that.

That however is in no way a good argument for not using timestamps.

1 comments

RFC 3161 timestamps are used because they let people do something Mozilla doesn't care about at all and which was largely irrelevant here.

Alice the OS Vendor wants to let Bob the Developer make certificates saying these are his Programs. She is worried Bob will screw up, so his cert needs to have a short lifetime, but her OS needs to be able to accept the certs after that lifetime expires so users can still run their Programs. So, Bob makes certificates and uses Trent's public TSA that Alice authorised to prove they were made when they say they were. Alice only has to trust Trent (who is good at his job) for a long period, and Bob who can be expected to screw up gets only short-lived certificates.

But Mozilla's setup doesn't have these extra parties. There is intentionally no Bob in Mozilla's version of the story; they sign add-ons themselves, so timestamping plays no role. If a 25-year TSA would be appropriate (hint: it would not) then a 25-year intermediate cert would be just as appropriate and simpler to implement for Mozilla.
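The Alice/Bob/Trent arrangement described in the comment above, as an added example that is not part of the thread: a Python model of the acceptance decision Alice's OS makes. The `Cert` and `Token` types, the names and dates, and the rule that Trent's certificate must still be valid when the check runs are assumptions; real verification also checks the token's signature and that it covers the signed data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


def day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Cert:
    subject: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, t):
        return self.not_before <= t <= self.not_after


@dataclass(frozen=True)
class Token:
    """Stand-in for an RFC 3161 token whose signature has already verified."""
    gen_time: datetime  # the time the TSA attests to
    tsa: Cert           # certificate of the TSA that issued the token


def accept(signer, token, trusted_tsas, now):
    """Return (accepted, reason) for a signature made with `signer`'s key."""
    if token is None:
        # Without a timestamp the only time the verifier can judge by is its own.
        return signer.valid_at(now), "no timestamp: judged at verification time"
    if token.tsa.subject not in trusted_tsas:
        return False, "TSA not authorised by the verifier"
    # Assumed policy: the long-lived TSA cert must cover both moments.
    if not (token.tsa.valid_at(token.gen_time) and token.tsa.valid_at(now)):
        return False, "TSA certificate not valid"
    if not signer.valid_at(token.gen_time):
        return False, "signed outside the signer certificate's lifetime"
    return True, "signer certificate was valid at the attested time"


# Constructed sample data: Bob's cert lasts one year, Trent's twenty.
TRENT = Cert("Trent TSA", day(2015, 1, 1), day(2035, 1, 1))
BOB = Cert("Bob", day(2018, 1, 1), day(2019, 1, 1))
TRUSTED = {"Trent TSA"}
NOW = day(2021, 6, 1)

if __name__ == "__main__":
    print(accept(BOB, None, TRUSTED, NOW))
    print(accept(BOB, Token(day(2018, 6, 1), TRENT), TRUSTED, NOW))
```

The decision rests entirely on `gen_time`, so everything the verifier concludes about an expired signer certificate is only as trustworthy as the TSA key that attested to that time.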