Re: Authentication vs. binding signature, and ephemeral vs. permanent key us: msg#00321 ietf.x509
Hi all,

how about adding the following to section 4.2.1.3 Key Usage in order to clarify the DS/NR issue:

DS bit: A private key whose certificate has the DS bit set may be used in any environment with any protocol, e.g. session oriented authentication. If only the DS bit is set then any DS compliant services are allowed.

NR bit: The non-repudiation services associated with the public key in the certificate provide proof of the integrity and origin of data. If only the NR bit is set in a certificate then the subject public key is only allowed to be used to verify digital signatures used to provide non-repudiation services. A private key whose certificate has the NR bit set must only be used in well known environments with well known protocols and it requires the signing entity's conscious acceptance of the signed message content. If the DS bit is also set, the constraint is extended to plenty of protocols and environments that may be quite difficult to control.

> In PKIX it is stated:
> A certificate user should review the certificate policy generated
> by the certification authority (CA) before relying on the
> authentication or non-repudiation services associated with the
> public key in a particular certificate. To this end, this
> standard does not prescribe legally binding rules or duties.

This introduction of PKIX should be repeated or moved to the section 4.2.1.3 Key Usage.

Regards - Petra
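The DS/NR distinction discussed in the message above, as an added example that is not part of the original post or of any PKIX implementation: a small pure-Python decoder for the DER BIT STRING that carries the KeyUsage extension value, followed by a relying-party check that applies the proposed rule (DS only, NR only, or both). The sample encodings are constructed here; the bit positions are the standard X.509 KeyUsage ones.

```python
from typing import Set

# KeyUsage bit positions as defined in X.509 / PKIX section 4.2.1.3.
KEY_USAGE_BITS = {
    0: "digitalSignature",   # the "DS bit" in the message
    1: "nonRepudiation",     # the "NR bit" in the message
    2: "keyEncipherment",
    3: "dataEncipherment",
    4: "keyAgreement",
    5: "keyCertSign",
    6: "cRLSign",
    7: "encipherOnly",
    8: "decipherOnly",
}


def decode_key_usage(der: bytes) -> Set[str]:
    """Decode a DER BIT STRING (tag 0x03) holding a KeyUsage value into bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    # KeyUsage is at most 9 bits, so a short-form length is all we accept.
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("unsupported or malformed length")
    unused = der[2]                     # number of padding bits in the last byte
    body = der[3:]
    if unused > 7 or (not body and unused != 0):
        raise ValueError("bad unused-bits count")
    total_bits = len(body) * 8 - unused
    names = set()
    for i in range(total_bits):
        if body[i // 8] & (0x80 >> (i % 8)):   # bit 0 is the most significant bit
            names.add(KEY_USAGE_BITS.get(i, "bit%d" % i))
    return names


def signature_policy(usage: Set[str]) -> str:
    """Apply the DS/NR reading proposed in the message to a decoded KeyUsage set."""
    ds = "digitalSignature" in usage
    nr = "nonRepudiation" in usage
    if ds and nr:
        return "ds+nr: NR verification allowed, but the NR constraint now spans every DS protocol"
    if nr:
        return "nr-only: verify non-repudiation signatures only, in well known protocols"
    if ds:
        return "ds-only: any DS compliant service, e.g. session oriented authentication"
    return "no signature use: neither DS nor NR is set"


# Constructed sample encodings (tag, length, unused bits, bit bytes).
DS_ONLY = bytes.fromhex("03020780")       # bit 0 set
NR_ONLY = bytes.fromhex("03020640")       # bit 1 set
DS_AND_NR = bytes.fromhex("030206c0")     # bits 0 and 1 set
CA_CERT = bytes.fromhex("03020106")       # keyCertSign + cRLSign
```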