> On Feb 16, 2021, at 1:34 PM, Hubert Kario <hkario@xxxxxxxxxx> wrote:
>
> the whole problem is that if you trust the date in the timestamp as the
> date the timestamp was created, attacker can compromise the TSA key years
> after it was last used and then create timestamps that look like they have
> been created while the TSA key was still valid

Timestamps can only be deemed authentic if they are part of a Merkle chain that validates all past timestamps signed with a *currently* still trusted key. The trusted key can change from time to time, but the Merkle chain needs to be append-only. Once a given Merkle chain is abandoned, and no longer has an active signer attesting to the validity of long-ago events, at some point it becomes impossible to say anything meaningful about the integrity of past signatures.

--
    Viktor.
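The argument in the reply above, as an added example that is not part of the original message or of any TSA implementation: a verifier accepts a timestamp only when it sits in an append-only log whose head is attested by the currently trusted key. Assumptions: a linear hash chain stands in for the Merkle chain, HMAC-SHA256 stands in for the TSA's signature, and every name, key and date is constructed.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # constructed starting value for the chain

def sign(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the TSA's public-key signature.
    return hmac.new(key, data, hashlib.sha256).digest()

def chain_head(log) -> bytes:
    """Fold every (date, doc_hash) entry into one head hash, oldest first."""
    head = GENESIS
    for date, doc_hash in log:
        head = hashlib.sha256(head + date.encode() + doc_hash).digest()
    return head

def verify(log, index, entry, head_sig, current_key) -> bool:
    """Accept a timestamp only if it sits at `index` in a log whose head
    is attested by the key that is trusted today."""
    if not 0 <= index < len(log) or log[index] != entry:
        return False
    return hmac.compare_digest(sign(current_key, chain_head(log)), head_sig)

def demo():
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    doc_a = hashlib.sha256(b"contract A").digest()
    doc_b = hashlib.sha256(b"contract B").digest()
    log = [("2015-03-01", doc_a), ("2019-07-09", doc_b)]
    # After rotation the new key attests the head, and with it all history.
    head_sig = sign(new_key, chain_head(log))
    genuine = verify(log, 0, log[0], head_sig, new_key)

    # Years later the retired key leaks and is used to backdate an entry.
    forged = ("2015-03-02", hashlib.sha256(b"backdated").digest())
    # Case 1: a free-standing timestamp signed only by the retired key.
    alone = verify([forged], 0, forged, sign(old_key, chain_head([forged])), new_key)
    # Case 2: the entry is spliced into history; the head hash changes, so
    # the current signer's attestation no longer matches.
    spliced_log = [log[0], forged, log[1]]
    spliced = verify(spliced_log, 1, forged, head_sig, new_key)
    return genuine, alone, spliced

if __name__ == "__main__":
    print(demo())
```

The date inside an entry is never trusted on its own; only membership in the chain under the current signer's attestation counts.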