
Re: Authentication vs. binding signature, and ephemeral vs. permanent key : msg#00324

ietf.x509

Subject: Re: Authentication vs. binding signature, and ephemeral vs. permanent key usage

Aram,

Some responses below...

Aram Perez wrote:
<snip>
> 3) It is not clear to me who determines the value of the keyUsage field.
> Does the CA arbitrarily assign it, or do I specify the field in the
> certificate request? And if non-repudiation is a CA service, how do I know the
> CA will set the NR bit?

The CA will insert whatever the subject, or the organization granting
the subject the certificate, has contracted with the CA to insert,
assuming the subject meets applicable requirements for the cert.

>
> 4) How is the private key involved? What happens if the corresponding
> certificate has the NR bit set but I use the private key to sign an ephemeral
> object? Ditto for having the NR bit NOT set but I use the private key to do a
> "conscious" signature?

If the extension is "critical" and the key is not used in a manner
appropriate to its indication, the processing application (recipient)
should reject the transaction.

--
David Simonetti, Booz·Allen & Hamilton Inc.
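
The recipient-side check described in the reply above, as an added example that is not part of the original message: it decodes the keyUsage BIT STRING and applies the "critical and not appropriate, so reject" rule to the two cases in question 4. The function names, the `local-policy` outcome for a non-critical extension, and the sample bytes are assumptions of this example.

```python
# Added example: relying-party handling of the X.509 keyUsage extension.
# Bit positions follow the KeyUsage BIT STRING definition in RFC 5280, 4.2.1.3.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]


def parse_key_usage(ext_value: bytes) -> set:
    """Decode the DER BIT STRING carried in the keyUsage extension value."""
    if len(ext_value) < 3 or ext_value[0] != 0x03:
        raise ValueError("keyUsage value is not a DER BIT STRING")
    length = ext_value[1]
    if length >= 0x80 or length != len(ext_value) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, payload = ext_value[2], ext_value[3:]
    if unused > 7 or not payload:
        raise ValueError("malformed BIT STRING")
    total_bits = len(payload) * 8 - unused
    usages = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        # Named bit 0 is the most significant bit of the first content byte.
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8)):
            usages.add(name)
    return usages


def check_use(critical: bool, ext_value: bytes, purpose: str) -> str:
    """Return 'accept', 'reject' or 'local-policy' for one intended use."""
    if purpose not in KEY_USAGE_BITS:
        raise ValueError("unknown purpose: " + purpose)
    if purpose in parse_key_usage(ext_value):
        return "accept"
    # Critical extension and the bit for this use is absent: reject.
    # The non-critical outcome is an assumption of this example.
    return "reject" if critical else "local-policy"


# Constructed sample values (not taken from any real certificate).
SIG_ONLY = bytes([0x03, 0x02, 0x07, 0x80])    # digitalSignature
SIG_AND_NR = bytes([0x03, 0x02, 0x06, 0xC0])  # digitalSignature + nonRepudiation

if __name__ == "__main__":
    for value in (SIG_ONLY, SIG_AND_NR):
        print(sorted(parse_key_usage(value)), check_use(True, value, "nonRepudiation"))
```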


