StartCom针对个人开发者的Class 2 “StartSSL™ Identity Validation”看上去很便宜，并且提供Object Code Signing和Time-Stamping，实际上是有问题的。
我们来看一下微软Authenticode文档中的说明（Windows Authenticode Portable Executable Signature Format – 14）：
By default, timestamping an Authenticode signature extends the lifetime of the signature indefinitely, as long as that signature was timestamped, both:
- During the validity period of the signing certificate.
- Before the certificate revocation date, if applicable.
The signature lifetime is not extended if the “lifetime signer OID” (szOID_KP_LIFETIME_SIGNING) is present in the signing certificate or if WTD_LIFETIME_SIGNING_FLAG is set in the WINTRUST_DATA structure when calling WinVerifyTrust. For details, see “Timestamp Processing with Lifetime Signing Semantics.”
The certificates associated with the timestamp are in the PKCS #7 SignedData structure’s certificates field.
Timestamp chains are compared against the following criteria:
- The certificate chain is built to a trusted root certificate by using X.509 chain-building rules.
The trusted root certificate is configured in the Trusted Root Certification Authorities certificate store. For more information on certificate stores, see “Certificates Stores.”
- The TSA certificate that is used to sign the timestamp contains the following EKU:
- The signing certificate must not be in the Untrusted Certificates certificate store.
Note: If the certificate that is used to sign the timestamp is in the Untrusted Certificates certificate store, then the signature is not verified even if the software publisher certificate is still within its validity period.
- Revocation checking is turned off by default for checking the validity of the timestamping certificate.
Timestamp Processing with Lifetime Signing Semantics
Applications or certification authorities that do not want timestamped signatures to verify successfully for an indefinite period of time have two options:
- Set the lifetime signer OID in the publisher’s signing certificate.
If the publisher’s signing certificate contains the lifetime signer OID in addition to the PKIX code signing OID, the signature becomes invalid when the publisher’s signing certificate expires, even if the signature is timestamped. The lifetime signer OID is defined as follows:
- Set the WTD_LIFETIME_SIGNING_FLAG in the WINTRUST_DATA structure when calling WinVerifyTrust.
If a WinVerifyTrust caller sets WTD_LIFETIME_SIGNING_FLAG in the WINTRUST_DATA structure and the publisher’s signing certificate has expired, WinVerifyTrust reports the signature as invalid even if the signature is timestamped.
As I understand it, the Lifetime Signing OID is present in StartCom code signing certificates because Microsoft required promises about the availability of OCSP and CRLs that StartCom did not think were reasonable to make. The compromise was that Microsoft allowed the StartSSL root into their certificate store, but required the Lifetime Signing OID to be present in StartSSL code-signing certificates.