0
votes

As I read from this answer, ETSI's best practice for an LTV-enabled PDF is to add a DSS and a document-level timestamp. According to Adobe, a document-level timestamp isn't needed, only a valid CRL or OCSP response for every certificate.

I'm not sure if I understand what the document timestamp is for. As I understand it, this is used to add another DSS + timestamp before the last document timestamp expires, to expand the signature lifetime of the document.

Does that mean that if I add no timestamp, the document won't be LTV enabled anymore after the origin certificate has expired? But that would defeat the purpose of LTV.

1

1 Answer

0
votes

Yay, I found out what it's used for: It's all for security ;)

The timestamp is added to make sure that the CRL and OCSP responses were added when the signing key was still valid; otherwise the CRL and OCSP responses could be cached and added long after the key has expired or has been revoked.

But why does Adobe show a PDF as LTV enabled when there is no document timestamp?
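The timestamp-renewal reasoning discussed in this thread can be written as a simplified model. This is an added example, not code from either post and not the ETSI or Adobe validation algorithm: each layer (the signature, then each document timestamp) has to be covered by a later timestamp created before that layer's certificate expired. The `Layer` type, the layer names and all dates are constructed, and revocation is not modelled, only expiry.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


def utc(year, month=1, day=1):
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass
class Layer:
    name: str                 # constructed label for the signature or timestamp
    created: datetime         # signing time, or genTime of a document timestamp
    cert_not_after: datetime  # expiry of the certificate behind this layer


def check_chain(layers, now):
    """layers: the signature first, then document timestamps oldest to newest.

    Returns (ok, reason). Simplified: checks expiry ordering only.
    """
    for inner, outer in zip(layers, layers[1:]):
        if outer.created < inner.created:
            return False, f"{outer.name} predates {inner.name}"
        if outer.created > inner.cert_not_after:
            # The covering timestamp cannot show that the inner layer (and
            # the validation data stored with it) existed while the inner
            # certificate was still valid.
            return False, f"{outer.name} added after {inner.name} certificate expired"
    last = layers[-1]
    if now > last.cert_not_after:
        return False, f"{last.name} certificate expired with no later timestamp"
    return True, "each layer was timestamped while its certificate was valid"


# Constructed sample data
SIG = Layer("signature", utc(2020), utc(2022))
TS1 = Layer("doc-timestamp-1", utc(2021, 6), utc(2025))
TS2 = Layer("doc-timestamp-2", utc(2024, 6), utc(2030))
LATE = Layer("late-timestamp", utc(2023), utc(2030))

if __name__ == "__main__":
    for chain, year in [([SIG], 2023), ([SIG, TS1], 2023),
                        ([SIG, TS1], 2026), ([SIG, TS1, TS2], 2026),
                        ([SIG, LATE], 2026)]:
        names = " -> ".join(layer.name for layer in chain)
        print(year, names, check_chain(chain, utc(year)))
```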