
Re: Authentication vs. binding signature, and ephemeral vs. permanent key u: msg#00274

ietf.x509

Subject: Re: Authentication vs. binding signature, and ephemeral vs. permanent key usage

Simonetti David writes:
>
> Eric,
>
> Eric Murray wrote:
> <snip>
> > There's already a huge plethora of extensions, a few more key
> > usage bits that are unambiguous wouldn't hurt anything.
>
> I disagree. This would hurt a number of implementors who are
> implementing the draft standard. X.509 should remain as stable as
> possible.


Doesn't "draft" mean "not final", as in "this might change"?
Anyone implementing to a draft spec must expect that the spec
might change some before it is finalized.

Of course, the criteria for making a change to a draft standard should
be higher than for changing the standard when it was being drafted.
If these proposed changes were generally deemed to be worth
the effort (and satisfying any procedural requirements) then
it would be better to make the change in the draft rather than
issuing a spec with a known problem and a generally agreed-upon solution
which must be taken through the whole procedure later.

[Yea, I know that with a lot of standards, by the time that they
reach draft stage the people working on the standard have fought
so many ideological/political battles that they're reluctant to make
any changes whatsoever in a draft. If that's the stage that X.509
is at, then I guess we'll just have to fix it later]


--
Eric Murray Chief Security Scientist N*Able Technologies www.nabletech.com
(email: ericm at lne.com or nabletech.com) PGP keyid:E03F65E5


