
Re: Authentication vs. binding signature, and ephemeral vs. permanent key u: msg#00326

ietf.x509

Subject: Re: Authentication vs. binding signature, and ephemeral vs. permanent key usage

Hi David,

See my questions below:

>Aram Perez wrote:
><snip>
>> 3) It is not clear to me who determines the value of the keyUsage field.
>> Does the CA arbitrarily assign it, or do I specify the field in the
>> certificate request? And if non-repudiation is a CA service, how do I know
>> the CA will set the NR bit?
>
>The CA will insert whatever the subject, or the organization granting
>the subject the certificate, has contracted with the CA to insert,
>assuming the subject meets applicable requirements for the cert.

When I go to the VeriSign site and apply for either a Class 1 or Class 2
certificate, I see no place where I can tell VeriSign that I want the NR bit
set. And how are people going to read 116 pages of VeriSign's CSP?

>>
>> 4) How is the private key involved? What happens if the corresponding
>> certificate has the NR bit set but I use the private key to sign an ephemeral
>> object? Ditto for having the NR bit NOT set but I use the private key to do a
>> "conscious" signature?
>
>If the extension is "critical" and the key is not used in a manner
>appropriate to its indication, the processing application (recipient)
>should reject the transaction.

It appears that you are assuming that the signing function accepts the certificate
as a parameter. I know of no cryptographic API that takes a certificate as a
parameter to a sign (or even verify) operation. All of the APIs I know (which
may be a limited set) always take a private key for signing and a public key
for verifying. None of them take a certificate.

Thanks for your comments,
Aram Perez
Apple Computer, Inc.
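The exchange above turns on two points: David's rule that a relying party should reject when a critical keyUsage extension does not cover the way the key was used, and Aram's observation that sign/verify APIs take keys, not certificates, so that check cannot live inside the crypto call. The following is an added example (not code from the thread, the IETF, or any of the products mentioned) showing where the check does live: a small DER decoder for the KeyUsage extension as defined in RFC 5280, a policy function implementing the critical-extension rule, and a wrapper that runs the policy before handing the public key to a key-only verify function. The sample extension bytes are hand-encoded for this example, the `toy_verify` stand-in is not a real signature scheme, and the handling of a non-critical mismatch (warning rather than rejection) is an assumption, since the post only specifies the critical case.

```python
import hmac
import hashlib

# RFC 5280 KeyUsage bit positions; bit 0 is the most significant bit of the
# first data byte of the BIT STRING.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]
KEY_USAGE_OID = bytes.fromhex("551d0f")  # id-ce-keyUsage, 2.5.29.15


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_key_usage_extension(ext_der):
    """Parse a DER Extension carrying KeyUsage; return (critical, set of bit names)."""
    tag, body, _ = _read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("Extension must be a SEQUENCE")
    tag, oid, pos = _read_tlv(body, 0)
    if tag != 0x06 or oid != KEY_USAGE_OID:
        raise ValueError("not a KeyUsage extension")
    critical = False
    tag, val, pos = _read_tlv(body, pos)
    if tag == 0x01:  # optional BOOLEAN critical (DEFAULT FALSE, omitted when false)
        critical = val == b"\xff"
        tag, val, pos = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    btag, bits, _ = _read_tlv(val, 0)
    if btag != 0x03 or not bits:
        raise ValueError("KeyUsage must be a BIT STRING")
    unused, data = bits[0], bits[1:]
    usable_bits = len(data) * 8 - unused
    usages = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        if i >= usable_bits:
            break
        byte_i, bit_i = divmod(i, 8)
        if data[byte_i] & (0x80 >> bit_i):
            usages.add(name)
    return critical, usages


def check_key_usage(ext_der, required_usage):
    """The rule from the thread: a critical KeyUsage that does not cover the
    intended use means the recipient rejects. Returns (accept, reason)."""
    critical, usages = decode_key_usage_extension(ext_der)
    if required_usage in usages:
        return True, f"{required_usage} permitted by keyUsage"
    if critical:
        return False, f"critical keyUsage lacks {required_usage}: reject"
    # Assumption: the post only covers the critical case; a non-critical
    # mismatch is surfaced as a warning here rather than a hard rejection.
    return True, f"non-critical keyUsage lacks {required_usage}: warning only"


def verify_with_policy(ext_der, required_usage, verify_fn, public_key, message, signature):
    """Wrap a key-only verify() with the certificate-level keyUsage check.
    This application-layer wrapper is where the policy has to live, because
    the underlying API never sees the certificate."""
    accept, reason = check_key_usage(ext_der, required_usage)
    if not accept:
        return False, reason
    if not verify_fn(public_key, message, signature):
        return False, "signature does not verify"
    return True, reason


def toy_verify(public_key, message, signature):
    """Stand-in for a real key-only verify(): an HMAC tag keyed by the 'public
    key' bytes. Constructed for the example only; not a signature scheme."""
    expected = hmac.new(public_key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


# Constructed sample extensions (hand-encoded DER, not taken from any real cert).
# critical keyUsage = {digitalSignature, nonRepudiation}
EXT_CRITICAL_DS_NR = bytes.fromhex("300e0603551d0f0101ff0404030206c0")
# critical keyUsage = {digitalSignature} only; the NR bit is not set
EXT_CRITICAL_DS_ONLY = bytes.fromhex("300e0603551d0f0101ff040403020780")
# non-critical keyUsage = {digitalSignature}
EXT_NONCRITICAL_DS_ONLY = bytes.fromhex("300b0603551d0f040403020780")


if __name__ == "__main__":
    key = b"constructed-public-key"
    msg = b"I agree to the contract"
    sig = hmac.new(key, msg, hashlib.sha256).digest()
    # A "conscious" signature requires nonRepudiation; the DS-only cert is rejected.
    print(verify_with_policy(EXT_CRITICAL_DS_NR, "nonRepudiation", toy_verify, key, msg, sig))
    print(verify_with_policy(EXT_CRITICAL_DS_ONLY, "nonRepudiation", toy_verify, key, msg, sig))
    # Ephemeral authentication only needs digitalSignature.
    print(verify_with_policy(EXT_CRITICAL_DS_ONLY, "digitalSignature", toy_verify, key, msg, sig))
```

The decoder handles only the KeyUsage extension itself; in practice it would be fed the extension pulled out of a parsed certificate, and the policy call would sit next to the existing chain-validation code rather than inside the signature primitive.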


