undefined | Better HN

0 pointsNateyJay8y ago0 comments

Recommended practice is to timestamp windows drivers (and software) when they are signed. Without a timestamp, the driver is not trusted after the signing cert expires, which I guess is what happened here.

With a timestamp, as long as the signing date was within the signing cert's validity period, the signed driver continues to be trusted beyond the signing certificate expiration.

0 comments

phkahler8y ago

That seems silly. Presumably a cert has an expiration date after which we might assume its been compromised. If it has been compromised then it could have been used to backdate a driver signed with it. In other words, if you don't trust the cert you should not trust anything signed by it. Or is there another layer in this somewhere?

ScottEvtuch8y ago

The timestamp server is a separate trusted entity that signs the signature asserting the date and time. It's not just metadata, it's effectively a separate signature.

Retric8y ago

Which just means the expiration date is meaningless.

If the driver was valid when it was signed, then revoking it will break the system. Not installing it is another story.

andrewstuart28y ago

The expiration date is the fallback if you don't have confirmation from the timestamp server that it was signed prior to expiration.

Ideally it's not used except by the timestamp service, but it seems like a fairly reasonable fallback.

2 more replies

gruez8y ago

>Which just means the expiration date is meaningless.

how so? it merely limits which dates you can sign code, after which the code you signed remain valid, but you can't sign any more code.

1 more reply

j / k navigate · click thread line to collapse