Re: Authentication vs. binding signature, and ephemeral vs. permanent key usage: msg#00323, ietf.x509
Petra, I don't foresee any interoperability problems whether or not one or both bits are set. I expect that an application, when performing cert validation, will first determine whether the extension is critical. If critical, it will then determine if the appropriate bit is set. For example, if the application is performing session-oriented authentication, it will check for the digitalSignature bit and no others. If the key was used to sign an e-mail, then it will check for the nonRepudiation bit and no others. If the key was used to sign a certificate, then the application will check for the certSign bit and no others. Therefore, whether one or both of the digitalSignature or nonRepudiation bits is set is not relevant during certificate processing. However, whether one or both bits are set is relevant to the certificate subject. Using a key pair for multiple uses inherently raises the security risk for the certificate user.

Dave S.

Petra Glöckner wrote:
>
> Phillip M Hallam-Baker wrote:
> >
> > I don't see any reason for inserting additional text into the
> > profile to mandate DS be always set with NR.
>
> Well, if some people use NR with and some without the DS bit set there
> will be no interoperability because some people/applications will
> assume that a certificate with the DS bit set might be used for
> session-oriented authentication (automated signatures). This will
> impose a high security risk because a NR certificate with the DS bit
> set might then be used for session-oriented authentication applications.
>
> > On the other hand the S/MIME and TLS specifications should be very
> > specific about the key usage bits which MUST be set or clear
> > for certain operations to be performed.
> >
> > In summary this is a very important issue but this is not the place
> > to address it. The semantics of the key usage bits will be
> > pragmatically defined by applications.
>
> I thought, that's what the profile is for - specifying or at least
> recommending how to use the standardised extensions - to avoid that
> every application has to define it for themselves and therefore to
> achieve interoperability.
>
> Regards - Petra
>
> ------------------------------------------------------------------------
>
> Petra Glöckner <Petra.Gloeckner@xxxxxxxxxxxxxxxx>
> GMD-TKT

--
David Simonetti, Booz·Allen & Hamilton Inc.
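Added example, written for this page and not code from the thread or its authors: the per-operation KeyUsage check Dave describes (critical first, then exactly the one bit the operation needs) applied to DER-encoded KeyUsage values, including the DS+NR case Petra raises. The function names, the operation labels and the sample byte strings are assumptions constructed here.

```python
# Added example, not code from the thread: the per-operation KeyUsage check
# described in Dave's message, applied to DER-encoded KeyUsage values.
# Bit positions are the X.509 KeyUsage ones; function names, the operation
# labels and the sample byte strings below are assumptions constructed here.

# KeyUsage bit positions. In a DER BIT STRING bit 0 is the most significant
# bit of the first content octet after the "unused bits" octet.
KEY_USAGE_BITS = {
    "digitalSignature": 0, "nonRepudiation": 1, "keyEncipherment": 2,
    "dataEncipherment": 3, "keyAgreement": 4, "keyCertSign": 5,
    "cRLSign": 6, "encipherOnly": 7, "decipherOnly": 8,
}

# The single bit each operation in the message checks for, "and no others".
REQUIRED_BIT = {
    "session-auth": "digitalSignature",  # session-oriented authentication
    "email-sign": "nonRepudiation",      # signing an e-mail
    "cert-sign": "keyCertSign",          # signing a certificate (Dave's "certSign")
}


def decode_key_usage(der: bytes) -> set:
    """Return the names of the bits set in a short-form DER BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length < 1 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent BIT STRING length")
    unused, body = der[2], der[3:]
    total_bits = len(body) * 8 - unused
    return {name for name, pos in KEY_USAGE_BITS.items()
            if pos < total_bits and body[pos // 8] & (0x80 >> (pos % 8))}


def key_usage_permits(der: bytes, critical: bool, operation: str) -> bool:
    """Dave's procedure: only a critical extension gates the operation, and
    then only the one bit that operation needs is consulted."""
    if not critical:
        return True
    return REQUIRED_BIT[operation] in decode_key_usage(der)


# Constructed sample KeyUsage values (tag 03, length, unused-bits octet, bits).
DS_ONLY = bytes.fromhex("03020780")    # digitalSignature
NR_ONLY = bytes.fromhex("03020640")    # nonRepudiation
DS_AND_NR = bytes.fromhex("030206c0")  # digitalSignature + nonRepudiation
CA_KEY = bytes.fromhex("03020106")     # keyCertSign + cRLSign
```

Running `key_usage_permits(DS_AND_NR, True, "session-auth")` returns True while the same call with `NR_ONLY` returns False, which is exactly the situation Petra's message worries about: a certificate issued for non-repudiation that also carries DS is accepted for session-oriented authentication.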