security issue in archive timestamp chain?

[Vittek Robert <vittek@xxxxxxxx>]

We are currently implementing a long term electronic signature based on XAdES, so I went through TS 101 903, TS 101 733 and other RFCs that led me finaly to LTANS group because XAdES does not address the problem of validation of TSA certificates ("Rules for acceptance of the validity of the signature within the time-stamp, involving trust decisions, are out of the scope of the present document.").

I am interested in solving the following problem.

http://tools.ietf.org/html/rfc4998#section-5.3 states that: Each Archive Timestamp MUST be valid relative to the time of the following Archive Timestamp.

Let's assume that we have Archive Time-Stamp 1 (ATS1) and we need to renew it and safeguard the validation data for ATS1 at the same time. But the next Archive Time-Stamp 2 (ATS2) can prove existence only of the CRLs issued before time T2 (from ATS2). ATS2 does NOT give any evidence that there was not another CRL2 (issued by CA that issued TSA1 certificate) which contained information on revocation of TSA1 certificate.

I think that arbitration on validity of ATS1 might take place long after the archive of relevant CRLs is available and long after the used cryptography is strong enough, so the attacker might produce such CRL2 himself just to cast doubt upon the archived data.

In other words: while T2 - safeguardedCRLforTSA1.thisUpdate > 0, arbitrator can not be sure that there was not another CRL2 that listed TSA1 certificate.

Am I missing something or is it a security issue?


Mgr. Robert Vittek

DITEC, a.s.
Bratislava Business Center V
Plynárenská 7/C
821 09 Bratislava

voice: +421 2 58 222 487
fax: +421 2 58 222 777
cell: +421 908 797 827
mailto:vittek@xxxxxxxx