JDK-8023338 : Update jarsigner to encourage timestamping

Details
Type:
Enhancement
Submit Date:
2013-08-20
Status:
Closed
Updated Date:
2014-01-20
Project Name:
JDK
Resolved Date:
2013-10-04
Component:
security-libs
OS:
Sub-Component:
java.security
CPU:
Priority:
P3
Resolution:
Fixed
Affected Versions:
7u60,8
Fixed Versions:
7u51 (b02)

Related Reports
Backport:

Sub Tasks

Description
Print a warning when there is no timestamp.
                                    

Comments
Suggested release note for this change:

Timestamping for a signed jar is highly recommended now. Jarsigner will print out an informational warning at signing or verifying when the timestamp is missing.
                                     
2013-10-01
Removing erroneous tbd_minor value in affects version.
                                     
2013-09-17
Full text of requirement:

    Update jarsigner to encourage timestamping
    Visibility: Open
    Availability: Open

    Background:
    Due to our increasing reliance on code signing and enforcing
    proper security practices, the impact of an expired or revoked
    certificate is increasing.

    If a certificate were to be revoked, current industry standards
    mandate that all signatures done after the certificate is revoked
    must be considered untrustworthy but signatures done before the
    revocation can still be considered valid.

    If a signature is not timestamped, though, the only prudent course,
    when the certificate used to create it is revoked, is to assume
    that the signature was made after the certificate was revoked and
    no longer accept it as valid.

    Likewise, we might choose to accept time-stamped signatures from
    expired certificates as valid as long as:
    - The CA that issued the code-signing cert for the signature never
      trims expired certificates from their revocation lists
    - The CA allows revoking a certificate even after it has expired,
      backdating it to the date it was compromised
    - The signature was done before the certificate was expired
    - The certificate used to sign has not been revoked.

    It is therefore in the best interest of our developers to
    time-stamp all signatures.

    Requirement:
    Update the code-signing tools in the JDK so that time-stamping is
    encouraged.  The change must be done in such a way as to allow
    existing code-signing scripts to work as long as the scripts can
    handle the additional warnings from the tool.

    The code-signing documentation must be updated accordingly.

 
                                     
2013-08-20
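
The acceptance reasoning in the requirement's Background, written out as a decision function. This is an added example, not code from the JDK or jarsigner; the class, field and function names are hypothetical, the dates are constructed, and treating a timestamp equal to the revocation date as "after" is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple

@dataclass(frozen=True)
class SignatureFacts:
    """Inputs to the decision; all field names are hypothetical."""
    cert_not_after: datetime              # expiry of the signing certificate
    timestamp: Optional[datetime]         # TSA-attested signing time, None if absent
    revoked_at: Optional[datetime]        # effective (possibly backdated) revocation date
    ca_keeps_expired_on_crl: bool = True  # CA never trims expired certs from its lists
    ca_revokes_after_expiry: bool = True  # CA will revoke, backdated, even after expiry

def evaluate(sig: SignatureFacts, now: datetime) -> Tuple[bool, str]:
    """Return (accept, reason) following the requirement's reasoning."""
    expired = now > sig.cert_not_after
    if sig.revoked_at is not None:
        if sig.timestamp is None:
            return False, "revoked, no timestamp: assume signed after revocation"
        if sig.timestamp >= sig.revoked_at:
            return False, "signed at or after revocation"
        if expired:
            # The requirement's list for expired certificates demands "not revoked".
            return False, "certificate is both expired and revoked"
        return True, "timestamp predates revocation"
    if not expired:
        return True, "certificate valid and not revoked"
    if sig.timestamp is None:
        return False, "expired, no timestamp: cannot show signing predates expiry"
    if not (sig.ca_keeps_expired_on_crl and sig.ca_revokes_after_expiry):
        return False, "CA revocation data for expired certificates is unreliable"
    if sig.timestamp > sig.cert_not_after:
        return False, "signed after certificate expiry"
    return True, "timestamp predates expiry and certificate was never revoked"

# Constructed sample dates, not taken from any real certificate.
EXPIRY = datetime(2014, 6, 1)
SIGNED = datetime(2013, 9, 1)
REVOKED = datetime(2013, 12, 1)

if __name__ == "__main__":
    for label, facts, now in [
        ("revoked, untimestamped", SignatureFacts(EXPIRY, None, REVOKED), datetime(2014, 1, 1)),
        ("revoked, timestamped", SignatureFacts(EXPIRY, SIGNED, REVOKED), datetime(2014, 1, 1)),
        ("expired, untimestamped", SignatureFacts(EXPIRY, None, None), datetime(2015, 1, 1)),
        ("expired, timestamped", SignatureFacts(EXPIRY, SIGNED, None), datetime(2015, 1, 1)),
    ]:
        print(label, "->", evaluate(facts, now))
```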


