1. Ports
  2. Port 318

Port 318: PKIX TimeStamp — Proving When

Port 318 (both TCP and UDP) carries the PKIX TimeStamp Protocol (TSP), defined in RFC 3161. This is the protocol that proves when something happened in the digital world.

What It Does

The TimeStamp Protocol solves a fundamental problem: digital signatures prove who signed something, but not when they signed it. A file's creation date can be changed in seconds. System clocks can be reset. But a cryptographic timestamp from a trusted Time Stamping Authority (TSA) cannot be forged.

When you need to prove "this document existed at this exact moment"—for legal contracts, software releases, digital evidence, or any scenario where time matters—you send a request to a TSA listening on port 318.1

How It Works

The protocol follows a simple request-response pattern:2

  1. Hash: Calculate a cryptographic hash (SHA-256, SHA-512) of the data you need to timestamp
  2. Request: Send the hash to a Time Stamping Authority on port 318
  3. Response: The TSA returns a signed timestamp token that binds your hash to the current time
  4. Verification: The timestamp token is cryptographically signed by the TSA's private key, stored in a Hardware Security Module (HSM)

The TSA never sees your actual data—only the hash. The timestamp token proves that specific hash existed at that specific moment. If someone later claims a document was created or modified on a different date, the timestamp provides cryptographic proof of when it actually existed.

Why It Exists

RFC 3161 was published on August 1, 2001, authored by C. Adams, P. Cain, D. Pinkas, and Robert Zuccherato from Entrust Technologies.3 The work began years earlier, with drafts dating back to 1997 under the title "Internet Public Key Infrastructure Part V: Time Stamp Protocols."4

The problem they solved: digital signatures were becoming legally binding, but without trusted timestamps, you couldn't prove when a signature was created. A signature could be backdated. A contract could claim to have been signed before a law changed. Evidence could be manufactured to appear older than it was.

The TimeStamp Protocol creates an unbreakable link between a piece of data and a moment in time, anchored to a trusted third party whose job is to maintain accurate time and never lie about it.

Real-World Use

Every time you see a digitally signed document with a verified timestamp, port 318 was likely involved:

  • Legal Contracts: Proving when parties agreed to terms
  • Software Releases: Establishing when code was published (code signing certificates)
  • Digital Evidence: Creating admissible timestamps for forensic investigations
  • Regulatory Compliance: Meeting requirements for non-repudiation in financial transactions
  • Intellectual Property: Proving when creative work or inventions were created

The Truth About Time

Port 318 exists because proving time in a digital world is genuinely hard. You can fake a file's creation date in seconds. You can change your system clock. You can backdate a signature.

But you can't fake a cryptographic timestamp from a trusted authority. The TSA's signature proves "this hash was submitted to me at this exact time, synchronized with a trusted time source." The timestamp token becomes part of the document's permanent record.

This is the Internet's notary public—a witness that cannot be bribed, cannot forget, and cannot lie about when something happened.

Security Considerations

Port 318 carries high-value requests and responses. A compromised TSA could issue fraudulent timestamps, undermining legal agreements and digital evidence. For this reason:

  • TSAs store their signing keys in Hardware Security Modules (HSMs)
  • The protocol uses PKI-based protection with strong digital signatures
  • TSAs must synchronize with trusted time sources
  • Timestamp tokens include the TSA's certificate chain for verification

The protocol has occasionally been misused by malware (like any port), but its official purpose remains cryptographic timestamping.5

Related Ports

  • Port 80/443 (HTTP/HTTPS): Many TSAs offer HTTP-based interfaces as an alternative to direct port 318 access
  • Port 389/636 (LDAP/LDAPS): Certificate and revocation information for verifying TSA signatures

Checking Port 318

To see if a Time Stamping Authority is listening on port 318:

# Check if port 318 is open
nc -zv timestamp-authority.example.com 318

# Check what's listening locally
sudo lsof -i :318
sudo netstat -tulpn | grep :318

Most modern TSA services use HTTPS (port 443) instead of port 318 directly, but the protocol remains defined for this port.

Previous

Port 315: DPSI — A Well-Known Ghost

Next

Port 314: Opalis Robot — The Automation Port Microsoft Wanted

Was this page helpful?

😔
🤨
😃