Re: Authentication vs. binding signature, and ephemeral vs. permanent key usa: msg#00340 ietf.x509
>> 4) How is the private key involved? What happens if the corresponding
>> certificate has the NR bit set but I use the private key to sign an ephemeral
>> object? Ditto for having the NR bit NOT set but I use the private key to do a
>> "conscious" signature?

> If the extension is "critical" and the key is not used in a manner
> appropriate to its indication, the processing application (recipient)
> should reject the transaction.
>
> -- David Simonetti, Booz·Allen & Hamilton Inc.

Whoa! Let's think about that a second.

Granted, the Critical bit ought to mean more than simply recognizing the syntax -- there is clearly some semantic understanding and validation that is required. But would we really expect a conforming application to recognize when an object is ephemeral?? Or when a NR bit was set and the document appears to be more like a doodle or a draft than a final contract??

Think about this from the standpoint of the API for a second -- the decision as to whether to accept a certificate is going to be made by the operating system or PKI subsystem. Is the application going to be required to reparse and revalidate the certificate itself, and then stare at its own navel and try to figure out what the human behind the application is trying to do? Pretty clever application!

Isn't that asking an awful lot, given the fact that the people who wrote the spec can't even figure out what the bit means? :-)

Bob
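As an added example (not code from the thread or from any PKIX implementation), a stdlib-only Python decoder for the KeyUsage extension that applies the rule David proposes: given the caller's stated intent (commitment vs. ephemeral), accept or reject on the NR and digitalSignature bits and the critical flag. The sample DER values are constructed; treating a non-critical mismatch as "accept-with-warning" is this example's own choice, since the thread only specifies the critical case, and the bit X.509 names nonRepudiation is called contentCommitment in RFC 5280.

```python
# Bit positions of KeyUsage ::= BIT STRING (X.509 / RFC 5280; bit 1 "nonRepudiation" is the NR bit).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
                  "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"]
ID_CE_KEY_USAGE = bytes.fromhex("551d0f")  # DER body of OID 2.5.29.15

def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_key_usage_extension(der):
    """Decode Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT FALSE, extnValue }
    whose extnValue wraps a KeyUsage BIT STRING. Returns (critical, set of usage names)."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extension must be a SEQUENCE")
    tag, oid, pos = _read_tlv(body, 0)
    if tag != 0x06 or oid != ID_CE_KEY_USAGE:
        raise ValueError("not id-ce-keyUsage")
    critical = False
    tag, val, pos = _read_tlv(body, pos)
    if tag == 0x01:                        # optional critical BOOLEAN is present
        critical = val != b"\x00"
        tag, val, pos = _read_tlv(body, pos)
    tag, bits, _ = _read_tlv(val, 0)       # extnValue OCTET STRING -> BIT STRING
    if tag != 0x03:
        raise ValueError("KeyUsage must be a BIT STRING")
    unused, payload = bits[0], bits[1:]    # leading byte counts unused trailing bits
    usable = min(len(payload) * 8 - unused, len(KEY_USAGE_BITS))
    return critical, {KEY_USAGE_BITS[i] for i in range(usable)
                      if payload[i // 8] & (0x80 >> (i % 8))}

def check_signature_use(der, commitment_intended):
    """The rule proposed in the thread: reject when the extension is critical and the key is
    used outside its indicated usage. The caller must say whether the signature is meant
    as a commitment (NR) or is ephemeral; the certificate alone cannot tell, which is the
    objection raised in the reply. Non-critical mismatch handling is this example's assumption."""
    critical, usages = parse_key_usage_extension(der)
    needed = "nonRepudiation" if commitment_intended else "digitalSignature"
    if needed in usages:
        return "accept"
    return "reject" if critical else "accept-with-warning"

# Constructed sample extensions: critical with dS+NR; critical with dS only; non-critical with dS only.
CRITICAL_DS_NR = bytes.fromhex("300e0603551d0f0101ff0404030206c0")
CRITICAL_DS_ONLY = bytes.fromhex("300e0603551d0f0101ff040403020780")
NONCRITICAL_DS_ONLY = bytes.fromhex("300b0603551d0f040403020780")
```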