
Re: SV: Authentication vs. binding signature, and ephemeral vs. permanent : msg#00307

ietf.x509

Subject: Re: SV: Authentication vs. binding signature, and ephemeral vs. permanent key usage

Hans Nilsson wrote:
>
> Petra,
> I agree with most of your reasoning, except the conclusion :-)
> I think ONLY the NR bit should be set in "Golden" certificates for
> Non-Repudiation for the following reason:
>
> If both bits are set in a Golden certificate, an application in the key
> holder's PC that wants to use a private key for automatic authentication
> will surely think that it is allowed to use the corresponding private key,
> since the DS bit is set.

Instead of the DS bit I'd like to see another extension to be used in a
certificate for indicating automatic authentication, e.g. the extended
key usage field. The DS bit should only have the meaning: digital
signatures in general to provide authentication and integrity.

> But you have then added in your Certificate Specification that "a complying
> application is NOT allowed to use a key for automatic authentication if the
> NR bit is set". So the application not just needs to look at the DS bit, it
> also needs to look at the NR bit (and what more bits...?). I think this is
> requesting too much from the applications.

Well, our specification only addresses certificates and digital
signature as a mechanism for non-repudiation services (long-term
signatures, binding signatures), i.e. digital signatures, according to
the German digital signature law, are intended to have lasting effect
beyond the certificate expiration. So we prohibit using this digital
signature certificate for automatic authentication procedures. Digital
signatures used for session-oriented authentication are not addressed by
our spec. A specification of a certificate for session-oriented
authentication would IMHO require another extension to be set to
indicate that the private key is used for automatic authentication.

Best regards - Petra

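The policy discussed in this exchange, as an added illustration that is not code from the thread or from either specification: decode the X.509 KeyUsage BIT STRING as DER-encoded per RFC 5280, then refuse automatic authentication whenever the NR bit is set and require an explicit extended key usage (clientAuth is assumed here as the marker) rather than the DS bit alone. The sample encodings and function names are constructed for this example.

```python
# RFC 5280 KeyUsage bit positions; bit 0 is the most significant bit of the
# first content octet of the DER BIT STRING.
KEY_USAGE_BITS = {
    0: "digitalSignature", 1: "nonRepudiation", 2: "keyEncipherment",
    3: "dataEncipherment", 4: "keyAgreement", 5: "keyCertSign",
    6: "cRLSign", 7: "encipherOnly", 8: "decipherOnly",
}

# id-kp-clientAuth; assumed here as the EKU marking a certificate for
# session-oriented (automatic) authentication.
ID_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"

# Constructed sample KeyUsage values (DER BIT STRING: tag, length,
# unused-bit count, content), not taken from any real certificate.
GOLDEN_NR_ONLY = bytes.fromhex("03020640")    # nonRepudiation only
GOLDEN_DS_AND_NR = bytes.fromhex("030206c0")  # digitalSignature + nonRepudiation
AUTH_DS_ONLY = bytes.fromhex("03020780")      # digitalSignature only


def decode_key_usage(der):
    """Decode a DER-encoded KeyUsage BIT STRING (tag 0x03) into bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length != len(der) - 2 or length < 1:
        raise ValueError("bad BIT STRING length")
    unused_bits = der[2]
    content = der[3:]
    total_bits = len(content) * 8 - unused_bits
    names = set()
    for i in range(total_bits):
        byte, offset = divmod(i, 8)
        if content[byte] & (0x80 >> offset):
            names.add(KEY_USAGE_BITS.get(i, "bit%d" % i))
    return names


def may_use_for_automatic_auth(key_usage, eku_oids):
    """An NR key is never used for automatic authentication, whatever else
    is set; an authentication key needs DS plus the dedicated EKU."""
    if "nonRepudiation" in key_usage:
        return False
    return "digitalSignature" in key_usage and ID_KP_CLIENT_AUTH in eku_oids


def may_use_for_non_repudiation(key_usage):
    """Binding / long-term signatures require the NR bit."""
    return "nonRepudiation" in key_usage
```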
