List of free rfc3161 servers.

rfc3161.txt

https://rfc3161.ai.moda
https://rfc3161.ai.moda/adobe
https://rfc3161.ai.moda/microsoft
https://rfc3161.ai.moda/apple
https://rfc3161.ai.moda/any
http://rfc3161.ai.moda
http://timestamp.digicert.com
http://timestamp.globalsign.com/tsa/r6advanced1
http://rfc3161timestamp.globalsign.com/advanced
http://timestamp.sectigo.com
http://timestamp.apple.com/ts01
http://tsa.mesign.com
http://time.certum.pl
https://freetsa.org
http://tsa.startssl.com/rfc3161
http://dse200.ncipher.com/TSS/HttpTspServer
http://zeitstempel.dfn.de
https://ca.signfiles.com/tsa/get.aspx
http://services.globaltrustfinder.com/adss/tsa
https://tsp.iaik.tugraz.at/tsp/TspRequest
http://timestamp.entrust.net/TSS/RFC3161sha2TS

Could you explain what's behind this service ?

@danvy It's a load balancer that:

1. Response validation of the timestamp reply before returning it to you.
2. Automatic retrying. e.g. if one of the upstream servers returns an invalid timestamp reply, we automatically return the next valid response from the next server.
3. Fans out to multiple trusted timestamping servers in parallel. The two steps above happen in multiple threads, so you will always get the fastest response possible, even if the first upstream CA returns us an error (you won't see the error, we handle that).
4. Allow CORS requests.
5. We update the upstream CAs in our list server-side. i.e. You should never need to update your RFC3161 URL in your application if you use any of the https://rfc3161.ai.moda/[*] URLs. e.g. today I noticed that IDnomic/Keynectis took their server down, but we already had 7 fallbacks for https://rfc3161.ai.moda/adobe and 8 fallbacks for https://rfc3161.ai.moda/windows, so it resulted in zero downtime for anyone.

Out of 1.33 million requests this month, we've had 60 errors. So roughly a 99.995% success rate.