notaryproject / notation

A CLI tool to sign and verify artifacts
https://notaryproject.dev/
Apache License 2.0

Support Time-stamping #838

Open yizha1 opened 7 months ago

yizha1 commented 7 months ago

Is your feature request related to a problem?

Signature validation will fail if the signing key/certificates are expired. In this case, signers need to rotate the key/certificates in time and re-sign container images using the new key/certificates. The lifetime of a signature is limited by the lifetime of the corresponding signing key/certificate.

What solution do you propose?

Time-stamping (https://www.rfc-editor.org/rfc/rfc3161) extends the trust of a signature beyond the validity period of a certificate, so signers do not need to regularly re-sign images before certificates expire. RFC 3161 says that Time-stamping helps establish whether the image was signed before or after the certificate was compromised. However, in the real world, the compromised time is not the time of certificate revocation. The compromised time is not determined. So, the proposal is to not use Time-stamping for revocation scenarios.

What alternatives have you considered?

Currently, Notation does not support Time-stamping, so signers need to regularly rotate the key/certificates in time and re-sign container images using the new key/certificates. However, this process requires signers to establish a re-sign workflow, which leads to usability problems and a waste of resources.

Any additional context?

There is an existing issue in the roadmap repo; however, this repo is not in active mode.

yizha1 commented 7 months ago

@priteshbandi @iamsamirzon @gokarnm @rgnote There have been discussions around Time-stamping for quite a long time. I would like to prioritize this feature for the Notation v1.2.0 release. Any comments from your side? /cc @shizhMSFT @FeynmanZhou @patrickzheng200 @JeyJeyGao