Re: Authentication vs. binding signature, and ephemeral vs. permanent key usage

Death rays from Mars made Eric Murray <ericm@xxxxxxx> write:
 
>The enduring 'bit' would indeed need to have at least a time period attached
>to it, in fact that's how I read it the first time.
>
>The enduring bit is one way of solving something that's broken in X.509- the
>key associated with a cert can be used to sign right up until the key, and
>it's cert, expire.  But a signature on a document one second before the cert
>expires is essentially worthless.  What's needed is a way to indicate that at
>time X the private key will no longer be used to sign, and at time X+Y the
>cert expires and the public key should no longer be used to verify signatures.
>
>This isn't a new idea by any means.  It's solved in SET by an extension which
>specifies the time period which the private key can be used for signing, and
>the Validity remains with the traditional meaning- that the cert's public key
>should no longer be used after it has expired.
 
Good Lord, we've finally discovered a real use for privateKeyUsagePeriod!
Quick, somebody deprecate it!
 
It sounds like the enduring-bit problem is already solved if the pKUP extension
is employed in this way.  Was that in fact its intended use, and if it was, why
is it deprecated by PKIX?  For a signing cert this sounds like the perfect
solution, pKUP defines the lifetime of the key and validFrom/validTo defines
the lifetime of signatures created with it.
 
Simonetti David <simonetti_david@xxxxxxx> added:
 
>I've put forth the recommendation to use digitalSignature usage for ephemeral,
>session-oriented authentication applications, but I truly wonder if such an
>application exists.  I thought it might apply to SSL/TLS-like protocols, but
>PKIX-1 defines extended key usages for TLS. I wouldn't be surprised to see new
>extended key usages for the IPSec protocols.  Is there an application that
>would look for a digitalSignature bit as defined by the profiles?

I don't know if this fits in with the intent of extendedKeyUsage, which seems
to be to act as a modifier to a given key usage (it's really a profile of the
more general keyUsage).  For example currently you have something like 
codeSigning or timeStamping or emailProtection as extensions of 
digitalSignature, and if only digitalSignature is present it's presumably 
valid for any kind of signing.  For ephemeral-signing there's no such 
equivalent, so you'd be forced to either enumerate every type of ephemeral 
signing (which means if a new type crops up you need to issue a new cert) or 
to define a new "any type of ephemeral signing" extendedKeyUsage, which is the 
same as defining a keyUsage bit with the same meaning.  It really seems like 
something which belongs in keyUsage, not extendedKeyUsage.

Peter.