Re: Authentication vs. binding signature, and ephemeral vs. permanent key usage (ietf.x509 list, message 00333)
David,

I agree, as long as ALL applications use and check the keyUsage bits like you have described below:

session-oriented authentication: digitalSignature only
signing e-mail: nonRepudiation only
signing a certificate: certSign only

But there will be an interoperability problem if e.g. one application for signing e-mail requires the digitalSignature bit to be set - either solely or in addition to the nonRepudiation bit - and another application requires the nonRepudiation bit only.

The discussion on the pkix list now convinced me to change my opinion: the nonRepudiation bit should be used without the digitalSignature bit in order to prevent applications from using a legally binding digital signature certificate and the corresponding private key for session-oriented authentication.

Best regards - Petra Simonetti

David wrote:
>
> Petra,
>
> I don't foresee any interoperability problems whether or not one or both
> bits are set. I expect that an application, when performing cert
> validation, will first determine whether the extension is critical. If
> critical, it will then determine if the appropriate bit is set.
>
> For example, if the application is performing session-oriented
> authentication, it will check for the digitalSignature bit and no
> others. If the key was used to sign an e-mail, then it will check for
> the nonRepudiation bit and no others. If the key was used to sign a
> certificate, then the application will check for the certSign bit and no
> others.
>
> Therefore, whether one or both of the digitalSignature or nonRepudiation
> bits is set is not relevant during certificate processing.
>
> However, whether one or both bits are set is relevant to the certificate
> subject. Using a key pair for multiple uses inherently raises the
> security risk for the certificate user.
>
> Dave S.
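The per-purpose check David describes (look at the extension's criticality first, then at exactly the one bit the purpose needs) and the interoperability problem Petra raises can both be made concrete by running two e-mail validators, a lenient one that wants nonRepudiation only and a strict one that also wants digitalSignature, over a few keyUsage values. The Python below is an added example, not code from either poster or from any PKI product. It decodes the keyUsage extension value directly from its DER BIT STRING encoding; the four sample values are constructed, and the purpose names, the `email_needs_digital_signature` flag and the function names are assumptions made for illustration.

```python
"""Added example: decode an X.509 keyUsage BIT STRING and apply the
per-purpose check discussed in the thread to a few constructed values."""

# keyUsage bit positions as assigned in RFC 5280 section 4.2.1.3.
# Bit 1 was named nonRepudiation in earlier profiles and is now called
# contentCommitment; the thread's "certSign" is keyCertSign (bit 5).
KEY_USAGE_BITS = {
    "digitalSignature": 0,
    "nonRepudiation": 1,
    "keyEncipherment": 2,
    "dataEncipherment": 3,
    "keyAgreement": 4,
    "keyCertSign": 5,
    "cRLSign": 6,
    "encipherOnly": 7,
    "decipherOnly": 8,
}

# The single bit each application purpose looks for (purpose names are
# assumed labels, not protocol identifiers).
PURPOSE_BIT = {
    "session-auth": "digitalSignature",
    "email-signing": "nonRepudiation",
    "cert-signing": "keyCertSign",
}


def decode_key_usage(der: bytes) -> set:
    """Decode a short-form DER BIT STRING (tag 0x03) into keyUsage names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused_bits = der[2]
    content = der[3:]
    if unused_bits > 7 or (not content and unused_bits):
        raise ValueError("bad unused-bits count")
    total_bits = len(content) * 8 - unused_bits
    names = set()
    for name, pos in KEY_USAGE_BITS.items():
        if pos >= total_bits:
            continue  # bit not encoded, i.e. not asserted
        # Bit 0 is the most significant bit of the first content byte.
        if content[pos // 8] & (0x80 >> (pos % 8)):
            names.add(name)
    return names


def key_usage_permits(purpose: str, der: bytes, critical: bool = True,
                      email_needs_digital_signature: bool = False) -> bool:
    """Apply the thread's rule: a non-critical extension does not constrain
    use; a critical one must carry the bit for this purpose. The optional
    flag models the stricter e-mail client Petra mentions, which also
    demands digitalSignature."""
    if purpose not in PURPOSE_BIT:
        raise ValueError(f"unknown purpose {purpose!r}")
    if not critical:
        return True
    usages = decode_key_usage(der)
    if PURPOSE_BIT[purpose] not in usages:
        return False
    if purpose == "email-signing" and email_needs_digital_signature:
        return "digitalSignature" in usages
    return True


# Constructed sample extension values (tag, length, unused-bit count, bits).
SAMPLES = {
    "digitalSignature only": bytes.fromhex("03020780"),
    "nonRepudiation only": bytes.fromhex("03020640"),
    "digitalSignature+nonRepudiation": bytes.fromhex("030206c0"),
    "keyCertSign+cRLSign": bytes.fromhex("03020106"),
}


def interoperability_matrix() -> dict:
    """Verdict of each validator (session auth, lenient e-mail, strict
    e-mail, certificate signing) for every sample value."""
    rows = {}
    for label, der in SAMPLES.items():
        rows[label] = {
            "session-auth": key_usage_permits("session-auth", der),
            "email-lenient": key_usage_permits("email-signing", der),
            "email-strict": key_usage_permits(
                "email-signing", der, email_needs_digital_signature=True),
            "cert-signing": key_usage_permits("cert-signing", der),
        }
    return rows


if __name__ == "__main__":
    for label, verdicts in interoperability_matrix().items():
        cells = "  ".join(f"{k}={'ok' if v else 'NO'}"
                          for k, v in verdicts.items())
        print(f"{label:32s} {cells}")
```

The row for "nonRepudiation only" shows both sides of the discussion at once: the session-authentication validator refuses the certificate, which is the protection Petra wants, while the lenient and strict e-mail clients disagree about the same certificate, which is the interoperability problem she describes. RFC 5280 recommends that CAs mark keyUsage critical; a validator that honours the bits whether or not the extension is critical would simply drop the `critical` gate at the top of `key_usage_permits`.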