Support timestamp responses during both signing and verification? #349

Open
woodruffw opened this issue Dec 16, 2022 · 7 comments
Labels
component:signing Core signing functionality component:verification Core verification functionality enhancement New feature or request
Comments

@woodruffw
Member

Sigstore has an RFC 3161 TSA now, and signers can request a TSR from it while signing.

During signing, this would probably look like:

  1. Doing signing as normal;
  2. Submitting a timestamp request (probably the digest of the signature) to Sigstore's TSA (or a custom TSA), and retrieving the TSR
  3. Uploading the TSR to Rekor

and then, for verification:

  1. Checking if a TSR is present ({input}.tsr);
  2. If present, verifying it against the TSA's public material;
  3. Confirming that the TSR was entered into Rekor during the certificate's validity period

(I think I got that right, but I might be missing a few details.)

cc @di for thoughts on whether we should support this.

@woodruffw woodruffw added enhancement New feature or request component:signing Core signing functionality component:verification Core verification functionality labels Dec 16, 2022
@woodruffw
Member Author

CC @tnytown this is a good one to take a stab at as well!

@woodruffw
Member Author

Some relevant docs here: https://github.com/sigstore/timestamp-authority

@woodruffw
Member Author

woodruffw commented Feb 17, 2023

xref sigstore/root-signing#466: this is probably blocked for us on the fact that the TSA's cert chain isn't included in the TUF repo yet.

Edit: Scheduled for v7 of the TUF root: sigstore/root-signing#616

@woodruffw
Member Author

Should be unblocked now.

Triage: this might be worth scheduling for the 2.0, although nobody is currently assigned to it.

@haydentherapper
Contributor

Hey @woodruffw, just wondering, are there any major blockers for this? Is there python support for rfc3161 timestamping?

@woodruffw
Member Author

> Hey @woodruffw, just wondering, are there any major blockers for this? Is there python support for rfc3161 timestamping?

I don't know of a good client implementation, unfortunately 😞 -- there are a few public ones, but most seem pretty small:

(tsp-client looks promising, but I haven't looked closely at it yet.)

Another option here would be to add TSR/RFC 3161 support to Cryptography, or potentially reuse the existing PKCS#7/CMS support (since, IIRC, RFC 3161 boils down to a CMS envelope anyways).

@woodruffw
Member Author

woodruffw commented Sep 10, 2024

I did some design thinking on this yesterday, and there are pretty much two different routes we can go:

  1. We can use rfc3161ng and accept the pyasn1 dependency -- this seems to be stable and has been around for a while, although rfc3161ng also seems to want to do its own TSP networking + has its own conventions (which seem old) for digest support on TSAs.
  2. We could perform a minimal greenfield implementation of RFC 3161, built on rust-asn1 -- this implementation should be very simple since it'll be datastructures + verification APIs only, with networking/request management devolved to the integration layer.

Given the amount of time we have, I'm tempted to go with (2) -- we already use rust-asn1 extensively via cryptography and have lots of experience developing with it, plus it'd be a much more stable/flexible base to build sigstore-python's functionality off of.

CC @facutuesca

@woodruffw woodruffw modified the milestones: 3.3, 3.4 Sep 18, 2024
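
An added illustration, not code from sigstore-python or from any commenter in this thread: signing step 2 in the opening comment, built as data structures only with networking left to the caller, in the spirit of option (2) above. It hand-encodes an RFC 3161 TimeStampReq over the digest of a signature; the choice of SHA-256, the function names and the sample input are assumptions.

```python
import hashlib
import secrets

SHA256_OID = bytes.fromhex("0609608648016503040201")  # OID 2.16.840.1.101.3.4.2.1

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def der_int(value):
    """Encode a non-negative INTEGER; the extra bit keeps the sign positive."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def timestamp_request(signature, nonce=None):
    """Build a TimeStampReq (RFC 3161, section 2.4.1) over SHA-256(signature)."""
    if nonce is None:
        nonce = secrets.randbits(64)  # echoed by the TSA in its response
    alg = der(0x30, SHA256_OID + der(0x05, b""))  # AlgorithmIdentifier, NULL params
    imprint = der(0x30, alg + der(0x04, hashlib.sha256(signature).digest()))
    cert_req = der(0x01, b"\xff")  # certReq TRUE: ask the TSA to include its cert
    return der(0x30, der_int(1) + imprint + der_int(nonce) + cert_req)

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the DER TLV starting at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        k = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def imprint_and_nonce(req):
    """Recover (hashedMessage, nonce), the values a verifier compares to the TSR."""
    _, body, end = read_tlv(req)
    if end != len(req):
        raise ValueError("trailing data after TimeStampReq")
    _, _version, p = read_tlv(body)
    _, imprint, p = read_tlv(body, p)
    _, nonce, _ = read_tlv(body, p)
    _, _alg, q = read_tlv(imprint)
    _, hashed, _ = read_tlv(imprint, q)
    return hashed, int.from_bytes(nonce, "big")
```

The bytes returned by `timestamp_request` are what an integration layer would POST to a TSA with the `application/timestamp-query` content type defined in RFC 3161.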