As I read from this answer, ETSI's best practice for an LTV-enabled PDF is to add a DSS and a document-level timestamp. According to Adobe, a document-level timestamp isn't needed, only a valid CRL or OCSP response for every certificate.

I'm not sure if I understand what the document timestamp is for. As I understand it, this is used to add another DSS + timestamp before the last document timestamp expires, to extend the signature lifetime of the document.

Does that mean, if I add no timestamp, the document won't be LTV enabled anymore after the original certificate has expired? But that would defeat the purpose of LTV.

secador de pelo

1 Answer

Yay, I found out what it's used for: It's all for security ;)

The timestamp is added to make sure that the CRL and OCSP responses were added when the signing key was still valid, otherwise the CRL and OCSP responses could be cached and added long after the key has expired or has been revoked.

But why does Adobe show a PDF as LTV enabled when there is no document timestamp?

secador de pelo

*why does Adobe show a PDF as LTV enabled when there is no document timestamp* - I'm afraid that "LTV enabled" does not really mean that the PDF takes part in an LTV process but that it merely contains the required information to enter an LTV process without the need of additional external validation information. – mkl Jan 14 '15 at 11:01
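
An added example, not code from the question, the answer or the comment: a structural check that separates the two cases discussed in this thread, a PDF that merely carries a DSS with revocation data and one whose DSS also lies inside the byte range of a document timestamp. It assumes the relevant objects are stored uncompressed (not inside object streams), performs no cryptographic validation, and the function names and sample bytes are constructed for illustration.

```python
import re

OBJ = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
DOC_TS = re.compile(rb"/SubFilter\s*/ETSI\.RFC3161\b")
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def ltv_structure(pdf: bytes) -> dict:
    """Structural LTV report; performs no cryptographic validation."""
    covered_until, timestamps = 0, 0
    for obj in OBJ.finditer(pdf):
        body = obj.group(1)
        byte_range = BYTE_RANGE.search(body)
        if DOC_TS.search(body) and byte_range:
            timestamps += 1
            # ByteRange [0 a b c]: the timestamp covers the file up to b + c.
            covered_until = max(covered_until,
                                int(byte_range.group(3)) + int(byte_range.group(4)))
    dss_offsets = [m.start() for m in re.finditer(rb"/DSS\b", pdf)]
    revocation = [k for k in ("OCSPs", "CRLs")
                  if re.search(rb"/" + k.encode() + rb"\b", pdf)]
    return {
        "has_dss": bool(dss_offsets),
        "revocation_data": revocation,
        "doc_timestamps": timestamps,
        # True only if the newest /DSS reference lies inside a timestamped range.
        "dss_timestamped": bool(dss_offsets) and max(dss_offsets) < covered_until,
    }

def constructed_sample(timestamped: bool) -> bytes:
    """Constructed, minimal PDF-like bytes (not a valid signed PDF)."""
    pdf = (b"%PDF-1.7\n1 0 obj<</Type/Catalog/DSS 2 0 R>>endobj\n"
           b"2 0 obj<</OCSPs[3 0 R]/CRLs[]>>endobj\n")
    if timestamped:
        fmt = (b"4 0 obj<</Type/DocTimeStamp/SubFilter/ETSI.RFC3161"
               b"/ByteRange[0 %04d %04d %04d]/Contents")
        tail = b">>endobj\n"
        a = len(pdf) + len(fmt % (0, 0, 0))   # offset where /Contents begins
        pdf += fmt % (a, a + 4, len(tail)) + b"<00>" + tail
    return pdf

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, ltv_structure(constructed_sample(flag)))
```
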