ietf-scitt · thomas-fossati · Aug 30, 2024 · Aug 28, 2024 · Aug 28, 2024 · Aug 28, 2024
diff --git a/draft-birkholz-cose-tsa-tst-header-parameter.md b/draft-birkholz-cose-tsa-tst-header-parameter.md
@@ -161,6 +161,14 @@ Please review the Security Considerations section in {{-TSA}}; these considerati
 
 Also review the Security Considerations section in {{-COSE}}; these considerations apply to this document as well, especially the need for implementations to protect private key material.
 
+We assume an attacker who has the ability to manipulate the clocks on the COSE signer's clock and its relying parties, but not the clock of the TSA.
+Additionally, we are assuming that the TSA is a trusted third party, meaning that the attacker cannot impersonate the TSA and create valid timestamp tokens.
+Manipulations that happen on the COSE signer's side are not impactful because, once the timestamp is received from the TSA, it becomes the sole reliable source of time.
+However, a denial of service is possible if the attacker is able to move the clock of the relying party into the future, potentially disrupting the validation of the timestamp.
+
+In CTT mode, an attacker could manipulate the unprotected header by removing the timestamp or replacing it with one of their choosing.
+In this threat model, the signed COSE object should be securely wrapped in an envelope both during transit and at rest.
+
 In the "Timestamp, then COSE" (TTC) sequence of operation, the TSA is
 given an opaque identifier (a cryptographic hash value) for the
 payload.