When Adobe validates a LTV signature:
* when validating the signer's certifecate, it's validated on the timestamp date. Ok
* but when validating the document timestamp's certificate, it's validated on its own timestamp date !!??
What does it mean?
If I change the date of my system to a date when the timestamp certificate is expired, Adobe says all the LTV signature is OK. !!??
Since the timestamp's certificate was valid when the timestamp was created, then this means that Adobe will consider this LTV eternally valid?
Instead of requiring another document timestamp before previous timestamp expiration.
According to PAdES LTV standard (ETSI TS 102 778-4 V1.1.2):
4.3 Validation Process
It is recommended that that validation process be as follows:
1) The "latest" document Time-stamp should be validated at current time with validation data collected at the current time.
2) The "inner" document Time-stamp should be validated at previous document Time-stamp time with the validation data present (and time-stamped for the successive enveloping time-stamps) in the previous DSS.
3) The signature and the signature Time-stamp should be validated at the latest innermost LTV document Time-stamp time using the validation data stored in the DSS and time-stamped (by the successive enveloping time-stamps)
Why is Adobe validating the latest document timestamp using its own timestamp date instead of validating it using the current time?
I've detected it in Acrobat Reader DC.
Thanks a lot in advance,
Enric