Re: Authentication vs. binding signature, and ephemeral vs.permanent key us: msg#00309ietf.x509
Phillip M Hallam-Baker wrote:
>
> I don't see any reason for inserting additional text into the
> profile to mandate DS be always set with NR.

Well, if some people use NR with and some without the DS bit set there will be no interoperability because some people/applications will assume that a certificate with the DS bit set might be used for session-oriented authentication (automated signatures). This will impose a high security risk because a NR certificate with the DS bit set might then be used for session-oriented authentication applications.

> On the other hand the S/MIME and TLS specifications should be very
> specific about the key usage bits which MUST be set or clear
> for certain operations to be performed.
>
> In summary this is a very important issue but this is not the place
> to address it. The semantics of the key usage bits will be
> pragmatically defined by applications.

I thought that's what the profile is for - specifying or at least recommending how to use the standardised extensions - to avoid that every application has to define it for themselves and therefore to achieve interoperability.

Regards - Petra
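The interoperability concern raised in this message, as an added example that is not part of the original post or of the PKIX profile: two hypothetical relying applications decode the same keyUsage BIT STRING and disagree on whether a certificate carrying both DS and NR may be used for session-oriented authentication. The two policy functions and the sample DER values are constructed assumptions; the bit order (digitalSignature = bit 0, nonRepudiation = bit 1) is the standard X.509 keyUsage assignment.

```python
# Added illustration. The policy functions below are hypothetical.
KEY_USAGE_NAMES = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

def parse_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING holding a keyUsage value into bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("bad unused-bits count")
    if body and body[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    total_bits = len(body) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_NAMES))):
        if body[i // 8] & (0x80 >> (i % 8)):  # bit 0 is the MSB of byte 0
            names.add(KEY_USAGE_NAMES[i])
    return names

def session_auth_by_ds_only(usage: set) -> bool:
    """Application A (assumed): DS set is enough for session authentication."""
    return "digitalSignature" in usage

def session_auth_ds_without_nr(usage: set) -> bool:
    """Application B (assumed): an NR key is for binding signatures only."""
    return "digitalSignature" in usage and "nonRepudiation" not in usage

def compare(der: bytes) -> tuple:
    """Return (application A verdict, application B verdict)."""
    usage = parse_key_usage(der)
    return session_auth_by_ds_only(usage), session_auth_ds_without_nr(usage)

SAMPLES = {  # constructed DER-encoded keyUsage values
    "DS only": bytes.fromhex("03020780"),
    "NR only": bytes.fromhex("03020640"),
    "DS+NR": bytes.fromhex("030206c0"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, sorted(parse_key_usage(der)), compare(der))
```

Only the DS+NR sample splits the two applications, which is the case the message argues the profile should settle.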