Re: openssl cms verification date

On 08.02.24 16:27, openssl-users-request@xxxxxxxxxxx digested:
Date: Thu, 08 Feb 2024 15:46:54 +0100
From: Tomas Mraz <tomas@xxxxxxxxxxx>

On Thu, 2024-02-08 at 14:13 +0100, François Legal wrote:
Sure I get the point. You can't really be sure that the signature was
made at the claimed time as the signerInfo structure is not signed
itself. Could you please comment however on why verifying the
validity of the certificate at the verification date is better in
that matter.

The expiration of the certificate means - albeit in an extreme case -
that the private key is no longer trusted - i.e., it can do anything
like malicious signatures of crafted data, etc. So unless you have
trusted timestamps on the signed document, after the certificate
expiration, the signature has no validity. Of course this is a little
bit extreme view but...

Not that calling your official local lawmakers "extremists" will help you any ... ;-)

(I.e., when people like notaries keep hold of digitally signed documents for the required time of X years and the signature's validity ends before that, they're legally required to re-sign document and old signature(s) with a new signature of their own, which certifies that they had that data in their possession at a time when the old signature was still valid. Repeat as necessary for the *really* long-term archival.)

More generally speaking, what you'd *want* to do is to verify the signature WRT the moment you *yourself* obtained the doc+sig and can vouch that it hasn't been altered since - but that timestamp cannot be obtained by technical means (unless you habitually counter-sign right at *reception*) and "now" is used as a pessimistic approximation.

(... *usually* pessimistic. Had to pontificate on the pitfalls of not doing NTP or PTP properly just half an hour ago ...)

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
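
Added example, not part of the original message: a shell sketch showing that the outcome of `openssl cms -verify` depends on the time the certificate chain is checked at, using the standard `-attime` verification option to move that time past the signer certificate's expiry. The file names, the subject name and the one-day lifetime are assumptions made up for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: a short-lived self-signed signer certificate, one CMS
# signature, and two verifications that differ only in the validation time.

make_signed_doc() {   # $1 = work directory
  local d=$1
  printf 'archived contract text (constructed sample)\n' > "$d/doc.txt"
  # Signer certificate valid for one day only (assumed lifetime).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo signer' \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
  # -nodetach embeds the content so the CMS file verifies on its own.
  openssl cms -sign -binary -nodetach -in "$d/doc.txt" \
    -signer "$d/cert.pem" -inkey "$d/key.pem" \
    -outform PEM -out "$d/doc.cms" 2>/dev/null
}

verify_at() {   # $1 = work directory, $2 = validation time in epoch seconds
  # Returns openssl's exit status; the reason for a failure lands in err.txt.
  openssl cms -verify -binary -inform PEM -in "$1/doc.cms" \
    -CAfile "$1/cert.pem" -attime "$2" -out /dev/null 2>"$1/err.txt"
}

demo() {
  local d now later
  d=$(mktemp -d) || return 1
  make_signed_doc "$d" || { rm -rf "$d"; return 1; }
  now=$(date +%s)
  later=$((now + 3 * 86400))   # three days on, after the certificate expired

  if verify_at "$d" "$now"; then
    echo "validation time = now: signature accepted"
  fi
  if ! verify_at "$d" "$later"; then
    echo "validation time = now + 3 days: rejected"
    cat "$d/err.txt"
  fi
  rm -rf "$d"
}

demo
```

The signed bytes are identical in both runs; only the validation time changes, which is why an archive that must outlive the certificate needs a trusted timestamp or a counter-signature made while the certificate was still valid.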

