  1. JDK
  2. JDK-8023338

Update jarsigner to encourage timestamping

    Details

    • Subcomponent:
    • Resolved In Build:
      b02
    • Verification:
      Verified

        Description

        Print a warning when there is no timestamp.

            Activity

            weijun Weijun Wang added a comment - - edited

            Full text of requirement:

                Update jarsigner to encourage timestamping
                Visibility: Open
                Availability: Open

                Background:
                Due to our increasing reliance on code signing and enforcing
                proper security practices the impact of an expired or revoked
                certificate is increasing.

                If a certificate were to be revoked, current industry standards
                mandate that all signatures done after the certificate is revoked
                must be considered untrustworthy but signatures done before the
                revocation can still be considered valid.

                If a signature is not timestamped, though, the only prudent course,
                when the certificate used to create it is revoked, is to assume
                that the signature was made after the certificate was revoked and
                no longer accept it as valid.

                Likewise, we might choose to accept time-stamped signatures from
                expired certificates as valid as long as:
                • The CA that issued the code-signing cert for the signature never
                  trims expired certificates from their revocation lists
                • The CA allows a certificate to be revoked even after it has expired,
                  backdating it to the date it was compromised
                • The signature was done before the certificate expired
                • The certificate used to sign has not been revoked.

                It is therefore in the best interest of our developers to
                time-stamp all signatures.

                Requirement:
                Update the code-signing tools in the JDK so that time-stamping is
                encouraged. The change must be done in such a way as to allow
                existing code-signing scripts to work as long as the scripts can
                handle the additional warnings from the tool.

                The code-signing documentation must be updated accordingly.

             
            darcy Joe Darcy added a comment -
            Removing erroneous tbd_minor value in affects version.
            weijun Weijun Wang added a comment -
            Suggested release note for this change:

            Timestamping for a signed jar is highly recommended now. Jarsigner will print out an informational warning at signing or verifying when timestamp is missing.
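
The check behind the warning discussed in this issue, as an added example (not JDK or jarsigner source): a small audit that lists each signer of a JAR and whether its signature carries a timestamp, using the standard `java.util.jar` and `java.security.CodeSigner` APIs. The class name `TimestampAudit` and the exit codes are assumptions of this sketch; it does not check revocation or certificate chain trust.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.Timestamp;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name): usage is `java TimestampAudit.java app.jar`
public class TimestampAudit {
    public static void main(String[] args) throws Exception {
        // signer certificate -> signing time asserted by the TSA, or null if untimestamped
        Map<X509Certificate, Date> signers = new LinkedHashMap<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(args[0], true)) {      // true = verify signatures
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory()) continue;
                // Signers are only populated once the entry has been read to the end;
                // an entry whose digest does not match throws SecurityException here.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { }
                }
                CodeSigner[] cs = e.getCodeSigners();
                if (cs == null) continue;                     // unsigned entry or signature file
                for (CodeSigner s : cs) {
                    X509Certificate cert = (X509Certificate)
                            s.getSignerCertPath().getCertificates().get(0);
                    Timestamp ts = s.getTimestamp();          // null when no timestamp was added
                    signers.put(cert, ts == null ? null : ts.getTimestamp());
                }
            }
        }
        if (signers.isEmpty()) System.out.println("no signed entries found");
        boolean missing = signers.isEmpty();
        for (Map.Entry<X509Certificate, Date> s : signers.entrySet()) {
            X509Certificate cert = s.getKey();
            Date signedAt = s.getValue();
            String who = cert.getSubjectX500Principal().getName();
            if (signedAt == null) {
                missing = true;   // validity of this signature ends with the certificate
                System.out.println("NO TIMESTAMP: " + who + " (cert expires " + cert.getNotAfter() + ")");
            } else {
                boolean inValidity = !signedAt.before(cert.getNotBefore())
                        && !signedAt.after(cert.getNotAfter());
                System.out.println("timestamped " + signedAt + ": " + who + " (within cert validity: " + inValidity + ")");
            }
        }
        System.exit(missing ? 1 : 0);   // non-zero lets a build pipeline fail on untimestamped JARs
    }
}
```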

              People

              • Assignee:
                weijun Weijun Wang
                Reporter:
                weijun Weijun Wang
              • Votes:
                0
                Watchers:
                5
