Xen project Mailing List

Fwd: Digicert - XEN: Re-sign files timestamped from September 14-22, 2022, to get full 11-year timestamp validity

From: George Dunlap <George.Dunlap@xxxxxxxxxx>

Date: Wed, 12 Oct 2022 14:11:02 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4wRD7K9kcNkh9Fo3cFxySdaxh8QadJpcQjeiJP0C2j8=; b=cFE8zMSU81vhBF3Rl0J1zV4TcwTvLuHUy94mlH1BUoUkvb7EBkSfEd5fvXRVbVf7duIT9PpKeJr5M35Puyb9V8YT+vKVMmwxMnT4/FyxWrOUy1JNAGUnB+c3QfoQodxXvkqTnZy+npxzAQWMCJuPkcB/KnXei+ucIdSUGFY6KzSM10qYoKPnQyTbgZ3TCDHX+U03R6ap5un8rdQMJM56S9WWS2G27yOOh5niYQ0XLlFfsQUboI1FHFr1eAcZ0myIgPfPvwMfFNhRi0VAR2wz17qphQE4IAXk6bQESbIt1luLGNfVGx3fh4O9PqbKO4r5Gel0W9iaJ6sQdWQHVSr7mQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O7fVU1yvUnYodiOtgYvMPaRqtbaWw6sXLpM8NS2ZGf59MzxPywMYG4UpQbwPae+bwDyjVw4BEQktGjl+r3yZnVpQ8taCXQPbEHrLuKiY+iwLaBi2yPfKzsWM12ps7b4DGqEirkWsOrfvZlTp06b8bZ+AYCHvwtsiRN7gVWzqMRWcA6M2LwoVjjCULFmtl34ocOL3D6ACf28s5xPVhn2Kb06Kl2YTTzmk2lwVhxZNzgwEQLJRs72ZuMC9oa0pHGH9QPq2xQEn1bwtXV4e+wG1V44pCtcsDKcin1L+knRtQqN7hTi8ZksJh3bhfdt2FZbxkR1EaMxNMqQvBjwaZ06isQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: "win-pv-devel@xxxxxxxxxxxxxxxxxxxx" <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 12 Oct 2022 14:11:17 +0000

Ironport-data: A9a23:JZrKe6I5hNFyI3y+FE+RXpQlxSXFcZb7ZxGr2PjLsTEM7AuW5UVEl zVBCC3DeKqUMyGmS21FGNyw9BxV7ZTWndA1TgVkqCgwFy4aoMabD4nDIxf6binDc5CeFxk/t ckVMteac59kHnbR9hqnauLt/CkhjPuETeWU5IIoQsxUbVYMpHAJ1UIz8wJAvrNVvDSZP++sk dijrZGAYgT8hG4laD9Ms/mJ9h1hsq6ptj5E7gxmNftG7QPSz3UbMskSdPq7R5fariu4PcbhH rqek+vplo/9101wYj9wuu+jKiXmepaLYU7UzCI+t5GK2nBqvjY13rswKM0SYEJWjyTht91qw ZBGuIfYpT0BZ8Ugo8xAFUgFe81CFfceouWeeSHl6Zb7I3DuKBMA/d0/VCnaAqVAkgpHKTkm3 eAVLjkLcieCi4qeqF5sYrAx7iiLBJCD0LI34hmM/xmAZRoVacmrr5Hxzc1ZxF8NavVmRp4yU Sa7hQ1HN3wsazUXUrse5QlXcO2A3hETeBUAwL6ZSDZeD8E+A2Wd3ZC0WOc5dOBmSu1bhX2mh Hr+xV/WHyw1ave57T+I0C2z07qncSPTAOr+FZWe39sy3Bi/4zJWDxcbE1ymvfO+l0iyHcpFL FAZ8TYvqq5081G3St76XFuzp3vsUhw0AoIMVbFlrl7WjPaLi+qaLjFsojppR9EhrsA7AxA30 FuAh/viBCB1sa3TQnWYnluRhWPoYHlJcDJTDcMCZRoX/uTBpbwpsijSHthmGpO/p/TXABill lhmqwB73d3/l/Ujz6mm50rOhS6Er53AXAkzoA7QWwqN8QJ/IZa7IoCl91XfxfJBN5qCCEmMu mAenMqT5/xICouC/BFhW80IFbCtovqAbjvVhAYzG4F7r2jyvXm+YYpX/TdyYl9zNdoJciPoZ 0mVvh5N4JhUPz2haqofj5+NNvnGBJPITbzNPs04pPIXCnStXGdrJB1TWHM=

Ironport-hdrordr: A9a23:qAXkaaiGHLUwLSTqohMuMcmvlXBQX2p13DAbv31ZSRFFG/FwyP rCoB1L73XJYWgqM03IwerwQJVpQRvnhP1ICPoqTMyftWjdySCVxeRZgbcKrAeQfBEWmtQ96U 4CSdk1NDSTNykdsS+S2mDRfLgdKZu8gdmVbIzlvhVQpHRRGsVdBnBCe2Om+yNNJDVuNN4cLt 6x98BHrz2vdTA8dcKgHEQIWODFupniiI/mSQRuPW9q1CC+yReTrJLqGRmR2RkTFxlVx605zG TDmwvloo2+rvCAzAPG3WO71eUYpDKh8KoMOCW/sLlUFtzesHfqWG2nYczBgNkBmpDv1L/tqq iIn/5vBbU215qbRBDOnfKk4Xic7N9p0Q6u9bbQuwqdneXpAD09EMZPnoRfb1/Q7Fchpsh11O ZR03uerIc/N2K3oMxsj+K4Ky2Cu3DE1UbKq9Rj+EB3QM8bcvtcvIYf9ERaHNMJGz/78pkuFK 1rANvH7PhbfFuGZzSB11MfiOCETzA2BFOLU0ICssua33xfm2141VIRwIgakm0b/JwwRpFY76 DPM7hulrtJUsgKBJgNTdspUI+yECjAUBjMOGWdLRDuE7wGIWvEr9rt7LA89IiRCek1JVsJ6e b8uX9jxB4PkhjVeLOzNbVwg2HwaXT4WyjxwcdD4JU8sqHgRdPQQF6+dGw=

List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

Thread-index: AQHY0gxTOAQC0zlNmUGcRaDBjgT2Yg==

Thread-topic: Digicert - XEN: Re-sign files timestamped from September 14-22, 2022, to get full 11-year timestamp validity

Hey Paul,

Does this mean anything to you? Let me know if you need me to do anything in particular.

-George

Begin forwarded message:

From: Namhai Nguyen <ap@xxxxxxxxxxxxxxxxxxx>
Subject: Digicert - XEN: Re-sign files timestamped from September 14-22, 2022, to get full 11-year timestamp validity
Date: 27 September 2022 at 01:58:36 BST
To: paul@xxxxxxx, George Dunlap - XEN Project <George.Dunlap@xxxxxxxxxx>

Fwding.

---------- Forwarded message ---------
From: 'DigiCert' via Accounts Payable <ap@xxxxxxxxxxxxxxxxxxx>
Date: Mon, Sep 26, 2022 at 5:28 PM
Subject: [ap] [Action Required] Re-sign files timestamped from September 14-22, 2022, to get full 11-year timestamp validity
To: <ap@xxxxxxxxxxxxxxxxxxx>

New TSA cert with full validity (135 months).

If you are having trouble reading this email, read the online version.

ACTION REQUIRED

Hello NAMHAI NGUYEN,

You are receiving this email because you may use DigiCert's timestamping services with one or more Code Signing or Document Signing Certificates.

From September 14, 2022, at 13:11 MDT (19:11 UTC), to September 22, 2022, at 13:18 MDT (19:18 UTC), DigiCert's timestamp .digicert. com and adobe .timestamp. digicert. com services mistakenly issued a timestamp authority (TSA) certificate with a validity period of only one year. On September 22, 2022, we replaced this TSA certificate with a new TSA certificate with a 135-month (11-year) validity period, the maximum allowed by current industry standards.

To take advantage of the new TSA certificate’s full 11-year validity, you need to re-sign files timestamped during the affected period.

How does this affect me?

The maximum validity of a Code Signing or Document Signing Certificate is only three years, which is why it is important that they are timestamped with a TSA certificate with the longest validity period possible. Timestamping preserves the signature on your files or software, allowing them to be accepted by operating systems and other software after your Code Signing or Document Signing Certificate expires. When the signature is evaluated, the timestamp allows the validity of the signature to be checked against the time it was signed, instead of the current time when the software is being executed.

Timestamping code or files with DigiCert's new TSA certificate will increase the validity of your signatures to 11 years.

What do I need to do?

To take advantage of the new TSA certificate's 11-year validity period, you must first do a self-audit to determine which of your files or code were signed when the one-year TSA certificate was active from September 14, 2022, at 13:11 MDT (19:11 UTC), to September 22, 2022, at 13:18 MDT (19:18 UTC).

Once you have parsed the list of affected files or code, you can either:

Re-sign files or code that were previously signed and timestamped during the affected period and apply the new 11-year timestamp signature.

Re-apply the new 11-year timestamp signature to files that were previously signed and timestamped during the affected period*.

*For information about applying timestamps to previously signed files, see Microsoft's Adding Time Stamps to Previously Signed Files and TimeStamp Command Options.

Need help?

See our knowledgebase article Troubleshooting Timestamping Problems for common timestamping problems and tips for solving them.

See Code Signing Support for instructions on signing and re-signing objects.

See our blog Best Practices for Timestamping for background on timestamping and its importance to the signing process.

If you have additional questions or concerns, contact your account manager or DigiCert Support.

Thank you,
DigiCert Team

Questions? Contact Support

This service message was delivered to ap@xxxxxxxxxxxxxxxxxxx as the registered email address of a user of a DigiCert product, in order to provide important service-related information.

DigiCert, Inc. 2801 Thanksgiving Way, Suite 500, Lehi, Utah 84043 | Contact Us | Privacy Policy
© 2022 DigiCert, Inc. All rights reserved.

Attachment: signature.asc
Description: Message signed with OpenPGP