RE: German Key Usage

Paul,

No disrespect taken.  I understand the difficulties of developing for 
interoperability in the current environment.  As naive as it may sound,
I would prefer to have several of each form of key, scores of them in
fact.  Systems should allow that some suffice for multiple application
usages, others not so.

I look to the future, envision a "smart-card" with numerous keys.
Inserted into a device suitable for certain types of transactions,
it would give me a readout of that subset of keys which suffice for
the transaction at hand.  It may not allow me to do data encryption
with a signature key, for instance, or warn me if entering into a high-
value transation with a key whose certificate is soon-to-expire.

I want to move away from the "one-key-is-me" world-view.  I have too
many facets to want or need to share them all, even by indirection,
in every type of transaction.  I should not have to prove who I am
in order to use public transportation, for instance, and yet if I pay
via my one-account-key-certificate, I am in essence providing the world
a trail of crumbs by which to trace my activities.  This is why hard-
currency is still popular, and will remain so for the foreseeable future.

(enough of my ranting;)

___tony___

At 04:56 PM 8/17/98 -0400, Friedrichs, Paul wrote:
>     Aram, Tony,
>     
>     I hope my responses haven't sounded disrespectful. If so, I 
>     apologize. We, here, have been trying to implement a completed 
>     standards-based PKI, and frequently hear people from the PKIX or 
>     the FedPKI camp specifically challenging the initiative with 
>     conflicting interpretations of keyUsage. On top of that, a primary 
>     aim is providing a service that supports existing products. 
>     Frustrating, but we're trying.
>     
>     Regards, and thanks,
>     
>     Paul
>
>

Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@xxxxxxxx   phone: 510-422-3881             LLLLLLLL