JDK-8023338 : Update jarsigner to encourage timestamping
Type: Enhancement
Component: security-libs
Sub-Component: java.security
Affected Version: 7u60,8
Priority: P3
Status: Closed
Resolution: Fixed
Submitted: 2013-08-20
Updated: 2017-05-17
Resolved: 2013-10-04
Suggested release note for this change:
Timestamping for a signed jar is highly recommended now. Jarsigner will print out an informational warning at signing or verifying when a timestamp is missing.
01-10-2013
Removing erroneous tbd_minor value in affects version.
17-09-2013
Full text of requirement:
Update jarsigner to encourage timestamping
Visibility: Open
Availability: Open
Background:
Due to our increasing reliance on code signing and enforcing
proper security practices the impact of an expired or revoked
certificate is increasing.
If a certificate were to be revoked, current industry standards
mandate that all signatures done after the certificate is revoked
must be considered untrustworthy but signatures done before the
revocation can still be considered valid.
If a signature is not timestamped, though, the only prudent course,
when the certificate used to create it is revoked, is to assume
that the signature was made after the certificate was revoked and
no longer accept it as valid.
Likewise, we might choose to accept time-stamped signatures from
expired certificates as valid as long as:
- The CA that issued the code-signing cert for the signature never
  trims expired certificates from their revocation lists
- The CA allows a certificate to be revoked even after it has expired,
  backdating it to the date it was compromised
- The signature was done before the certificate was expired
- The certificate used to sign has not been revoked.
It is therefore in the best interest of our developers to
time-stamp all signatures.
Requirement:
Update the code-signing tools in the JDK so that time-stamping is
encouraged. The change must be done in such a way as to allow
existing code-signing scripts to work as long as the scripts can
handle the additional warnings from the tool.
The code-signing documentation must be updated accordingly.
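
The acceptance rules from the Background section, written out as a decision function. This is an added example, not code from the JDK or jarsigner (which, per the release note, only prints a warning). The names SignerCert, evaluate, ca_tracks_expired and utc are hypothetical, and the dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class SignerCert:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # revocation date published by the CA
    # Assumed flag: CA keeps expired certs on its CRL and can backdate revocations.
    ca_tracks_expired: bool = False

def evaluate(cert, ts, now):
    """Return (accepted, reason); ts is the timestamped signing time or None."""
    if ts is None:
        # Signing time unknown: the certificate can only be judged as of `now`.
        if cert.revoked_at is not None:
            return False, "revoked; assume signed after revocation"
        if not cert.not_before <= now <= cert.not_after:
            return False, "certificate not valid now and no timestamp"
        return True, "certificate currently valid"
    if not cert.not_before <= ts <= cert.not_after:
        return False, "signed outside certificate validity"
    if now > cert.not_after:
        # Expired certificate: every condition in the list must hold.
        if cert.revoked_at is not None:
            return False, "expired and revoked"
        if not cert.ca_tracks_expired:
            return False, "expired; CA revocation data not reliable"
        return True, "signed before expiry, never revoked"
    if cert.revoked_at is not None and ts >= cert.revoked_at:
        return False, "signed after revocation"
    return True, "signed while certificate was good"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def demo():
    # Constructed sample data, not taken from any real certificate.
    revoked = SignerCert(utc(2012, 1, 1), utc(2014, 1, 1), revoked_at=utc(2013, 6, 1))
    expired = SignerCert(utc(2012, 1, 1), utc(2013, 1, 1), ca_tracks_expired=True)
    now = utc(2013, 8, 20)
    return [
        evaluate(revoked, None, now),             # revoked, no timestamp
        evaluate(revoked, utc(2013, 3, 1), now),  # stamped before revocation
        evaluate(revoked, utc(2013, 7, 1), now),  # stamped after revocation
        evaluate(expired, None, now),             # expired, no timestamp
        evaluate(expired, utc(2012, 9, 1), now),  # expired, stamped in time
    ]
```

Only the two timestamped-in-time cases are accepted; the same signatures without a timestamp are rejected once the certificate is revoked or expired.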