Time Requirements
The following outlines standards that specify requirements on TSA time management and how the requirements are met.
SignServer implements the Time-Stamp Protocol as specified in RFC 3161 and can be used as the core part of a Time Stamping Authority (TSA).
Time requirements
Several standards specify requirements for TSA time management. The RFC 3161 standard for time-stamping defines the time-stamping protocol and states that you must use a trustworthy source of time. Building on top of RFC 3161, the EU standards add further detailed requirements.
RFC 3161 - Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
RFC 3161 includes the following requirements of the TSA:
The TSA is REQUIRED:
to use a trustworthy source of time.
to include a trustworthy time value for each time-stamp token.
ETSI EN 319 421 - Electronic Signatures and Infrastructures (ESI); Policy and Security Requirements for Trust Service Providers issuing Time-Stamps
ETSI EN 319 421 - V1.1.1 (2016-03) specifies the following:
"The time values the TSU uses in the time-stamp shall be traceable to at least one of the real time values distributed by a UTC(k) laboratory."
"The time included in the time-stamp shall be synchronized with UTC [1] within the accuracy defined in the policy and, if present, within the accuracy defined in the time-stamp itself."
"If the time-stamp provider's clock is detected (see clause 7.7.2 c)) as being out of the stated accuracy (see clause 7.7.1 b)) then time-stamps shall not be issued."
"The calibration of the TSU clocks shall be maintained such that the clocks do not drift outside the declared accuracy."
"The declared accuracy shall be of 1 second or better."
"The TSU clocks shall be protected against threats which could result in an undetected change to the clock that takes it outside its calibration."
"The TSA shall detect if the time that would be indicated in a time-stamp drifts or jumps out of synchronization with UTC."
"The clock synchronization shall be maintained when a leap second occurs as notified by the appropriate body..."
"Records concerning all events relating to synchronization of a TSU's clock to UTC shall be logged. This shall include information concerning normal re-calibration or synchronization of clocks used in time-stamping."
"Records concerning all events relating to detection of loss of synchronization shall be logged."
ETSI EN 319 422 - Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles
ETSI EN 319 422 - V1.1.1 (2016-03) specifies the following:
"a genTime field shall have a value representing time with a precision necessary to support the declared accuracy shall be supported;"
"the accuracy field shall be present and a minimum accuracy of one second shall be supported;"
Fulfilling time requirements
The local clock of the server is synchronized with a reliable time source (that is, a time server with a reliable clock synchronized with a national time source or GPS) using an NTP service provided by the operating system.
Calibration is performed using NTP and is therefore not expected to drift outside declared accuracy compared to the reliable time source.
The accuracy of the calibration is periodically monitored. A time-stamp token will not be issued unless the monitoring reported the time to be in sync and the report was made within a configured interval (for instance 1 second).
For more information, see Time Sources in SignServer.
Logging
Note the following regarding logging:
- The time server should log its own events such as loss of connection with GPS etc.
- The operating system NTP service should log its events.
- Manual re-calibration should be logged (in the operating system log or manually if no such logging exists).
- The monitoring tool should log when time is detected to be out of synchronization.
- SignServer/TimeStampSigner will log whether the time was considered in sync or not when processing a request.
For more information, see Logging and Monitoring.