Incident reports that could impact verification of timestamps
DigiStamp is in the business of trust. As such, it is of the utmost importance that if the timestamps provided were compromised in any way, the customer would be notified immediately. DigiStamp would communicate this information in a variety of ways. Minimally, an incident would be recorded on this web page.
There have been very few events in the decade of providing the timestamp service.
2012 August 24-October 19 - Web Applications Verify Providing Bad File Verification Reports
- This memo records for public record problems with the Web Applications Verify Tool properly validating protected files against timestamps.
2012 July 1 - Timestamp clock inaccurate by greater than 1 second
- This memo records for public record a period of approximately 7.5 hours in which timestamps produced by the DigiStamp TSAs may have been innaccurate by more than the +/- 1 second thresholds specified in our policies.
2011 September 26 - Service Interruption
- This memo records for public record an event whereby there was a period of 20 minutes when both time stamp service locations were not providing timestamps. The impact was that DigiStamp’s Subscribers were not able to retrieve timestamps or experienced long response times.
2011 July 21 - Timestamp included expired certificate
- This memo records for public record an event whereby DigiStamp returned timestamps with the wrong / expired Audit Certificate. The impact of this error is limited to the repairable condition of having the wrong Audit Certificate and does not invalidate the timestamp. Any timestamp issued with this problem can be easily repaired by replacing with the correct, DigiStamp-supplied Audit Certificate.
2010 October 31 - Timestamp clock inaccurate by 1.5 seconds
- This memo records for public record an event whereby DigiStamp issued timestamps with a time value that was inaccurate by 1.5 seconds. This condition existed for a period of 10 minutes. At 1.5 seconds, this inaccuracy is greater than our commitment as defined in DigiStamp's Time Stamp Authority Policy.
2003 December 6 - Service unavailable
- We experienced intermittent service outages at both production timestamp server sites. Details here.
DigiStamp Policy if there were ever a critical incident:
If there was a compromise of the private signing key or the loss of calibration of the timestamping clock, this would directly impact our Relying Parties. This is the primary reason why we use extraordinarily secure hardware that's uniquely certified (description here). If these events occur or any disaster that may potentially affect the customer, DigiStamp will communicate to the customer what has happened, what is being done to address it, and how they may be affected.
In case the private key does become compromised, the repository of tokens generated and maintained by DigiStamp may provide a means to discriminate between genuine and false backdated tokens.
DigiStamp has a Disaster Plan in-place whereby critical events would be communicated with options that include direct emails and press releases.