# Notary v2 - External TimeStamp Server

###### tags: `notary`

Time Stamping Authorities (TSAs), defined by RFC 3161, provide a signed timestamp over a signature. The timestamp proves that the signature already existed when the TSA countersigned it, so if that time falls inside the validity period of the signing certificate, the signature is proven to have been generated while the certificate was valid.

## Scenarios

With a TSA, a signature can be considered valid even after the signing certificate has expired. This technique is widely used by Authenticode with SignTool, NuGet, Adobe Acrobat, and many other industrial products.

In the world of artifacts, including container images, the scenarios are:

- Developers sign their artifacts or images with certificates. The certificates MAY have a configurable expiry time.
- Developers publish their artifacts or images and at a later date stop maintaining them.
- Content consumers SHOULD be able to verify the signatures, and use the artifacts or images, even after the signing certificates have expired.
- Attackers holding a compromised key try to sign artifacts or images and backdate the signing time to before the key compromise event.

## Pros and Cons

There are many public TSA servers available on the Internet. The advantages of public timestamp servers are obvious:

- Public
- Free

However, those public TSAs also come with disadvantages:

- Require Internet access for signing
  - This is not really a disadvantage in itself, since public TSAs are online services by definition.
  - Devices in an air-gapped environment cannot reach the Internet and therefore cannot use a public timestamp signing service.
- Out of the control of the signer
  - External dependency
  - Availability is not assured. There is no SLA on signing.
  - Not all TSAs are available in all regions. Some regions may have high latency.
  - The certificates of TSAs MAY be revoked at any time without notice.
    - The removal of trust in VeriSign broke NuGet on .NET 5+. Microsoft had to disable package verification in a new release to unblock customers.

## Implications of not using a signed timestamp for a signature

- In the absence of an additional timestamp signature, the signature is only considered valid until the signing key (certificate) expires. This limits the use of short-lived keys.
- In case of key compromise it is not possible to revoke only the signatures made after the point in time at which the compromise is known, because an attacker can create signatures with any signing time (by changing the local clock). Every signature under the compromised key has to be treated as suspect.
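The following is an added example, not code from the Notary v2 project, that models the verification policy behind the scenarios and implications above. It replaces real CMS/RFC 3161 parsing with plain datetimes and a constructed certificate, signature, and revocation record; the names `SigningCert`, `Signature`, `verify_without_timestamp`, and `verify_with_timestamp` are assumptions made for this example. It assumes the TSA countersignature has already been validated (TSA chain, `id-kp-timeStamping` EKU, message imprint over the signature value), and shows what the trusted TSA time changes: an expired certificate still verifies, and a signature that an attacker backdated after a key compromise is rejected because the TSA recorded the real time.

```python
"""Signature validity with and without an RFC 3161 timestamp.

Constructed example, not Notary project code. Times are plain datetimes,
the certificate and revocation record are dataclasses, and no ASN.1/CMS
parsing happens; only the policy decision is modelled.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

UTC = timezone.utc


@dataclass(frozen=True)
class SigningCert:
    subject: str
    not_before: datetime
    not_after: datetime
    # Time from which the key is known to be compromised, taken from the
    # revocation record; None if the certificate has not been revoked.
    compromised_at: Optional[datetime] = None


@dataclass(frozen=True)
class Signature:
    cert: SigningCert
    # Self-asserted signing time from the signer's own clock. Anyone holding
    # the key (including an attacker) can set this to any value.
    claimed_signing_time: datetime
    # Time asserted by a trusted TSA over the signature value, or None if the
    # signature was never timestamped.
    tsa_time: Optional[datetime] = None


def verify_without_timestamp(sig: Signature, now: datetime) -> Tuple[bool, str]:
    """Policy when the only trustworthy time is the verifier's clock.

    claimed_signing_time is deliberately ignored: it is under the signer's
    control and proves nothing about when the signature was really made.
    """
    cert = sig.cert
    if cert.compromised_at is not None:
        # Nothing places this signature before the compromise, so every
        # signature under the key has to be treated as forged.
        return False, "key revoked; signature cannot be placed before the compromise"
    if not (cert.not_before <= now <= cert.not_after):
        return False, "certificate not valid at verification time"
    return True, "certificate valid at verification time"


def verify_with_timestamp(sig: Signature, now: datetime) -> Tuple[bool, str]:
    """Policy when a trusted RFC 3161 timestamp covers the signature.

    Assumes the TSA countersignature itself was already verified. Validity is
    then evaluated at the TSA's time rather than at `now`.
    """
    if sig.tsa_time is None:
        return verify_without_timestamp(sig, now)
    cert, t = sig.cert, sig.tsa_time
    if not (cert.not_before <= t <= cert.not_after):
        return False, "certificate was not valid when the TSA saw the signature"
    if cert.compromised_at is not None and t >= cert.compromised_at:
        return False, "signature timestamped after the key compromise"
    return True, "signature proven to exist while the certificate was valid"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenarios: one-year certificate, verification two years after expiry."""
    t0 = datetime(2021, 1, 1, tzinfo=UTC)
    cert = SigningCert("dev@example.com", t0, t0 + timedelta(days=365))
    signed_at = t0 + timedelta(days=30)
    now = t0 + timedelta(days=3 * 365)  # certificate expired two years ago

    # Same certificate after a compromise is discovered on day 200.
    revoked = SigningCert(cert.subject, cert.not_before, cert.not_after,
                          compromised_at=t0 + timedelta(days=200))
    # Attacker signs on day 250 and backdates the self-asserted time to day 30,
    # but the TSA records day 250.
    forged = Signature(revoked, signed_at, tsa_time=t0 + timedelta(days=250))

    return {
        "expired cert, no timestamp": verify_without_timestamp(Signature(cert, signed_at), now),
        "expired cert, with timestamp": verify_with_timestamp(Signature(cert, signed_at, signed_at), now),
        "pre-compromise, no timestamp": verify_without_timestamp(Signature(revoked, signed_at), now),
        "pre-compromise, with timestamp": verify_with_timestamp(Signature(revoked, signed_at, signed_at), now),
        "backdated forgery, with timestamp": verify_with_timestamp(forged, now),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{'VALID  ' if ok else 'INVALID'} {case}: {why}")
```

Note that `verify_without_timestamp` rejects every signature under a revoked key, not only those after `compromised_at`: without a trusted time there is no way to honour the "revoke from the time of compromise" intent, which is exactly the limitation the last bullet above describes. The TSA's own certificate can of course also expire or be revoked, which is why the verifier must validate the TSA chain before trusting `tsa_time`; the "Pros and Cons" section above covers that dependency.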