
Re: key usage - key encipherment or data encipherment



"Wen-Cheng Wang" <wcwang@xxxxxxxxxx> writes:

>It is better to clarify that it is legitimate to assert both the
>keyEncipherment bit and the dataEncipherment bit in one certificate. In that
>case, it means that the key (e.g., RSA key) may be used for enciphering
>intermediate cryptographic keys or directly enciphering raw user data (e.g.,
>user password).

Saying you can use both bits won't help; it still leaves it ambiguous to users
as to what dataEncipherment should be used for.  One interpretation I've heard
of is keyEncipherment = exchange of session keys (SSL), dataEncipherment =
data encryption (S/MIME).

Peter.
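
Added example, not part of the original message or of any project's code: a minimal Python decoder for the DER-encoded keyUsage BIT STRING (bit numbers as defined in RFC 5280) that reports which of the two encipherment bits discussed in this thread a certificate asserts. The function names and the sample byte strings are constructed for illustration.

```python
# Named bits of the X.509 KeyUsage BIT STRING, in RFC 5280 order (bit 0 first).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)


def decode_key_usage(der: bytes) -> set:
    """Return the names of the bits asserted in a DER keyUsage BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding for keyUsage")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("invalid unused-bits count")
    total_bits = len(payload) * 8 - unused
    asserted = set()
    # Bit 0 is the most significant bit of the first payload octet.
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if payload[i // 8] & (0x80 >> (i % 8)):
            asserted.add(KEY_USAGE_BITS[i])
    return asserted


def encipherment_profile(der: bytes) -> str:
    """Classify a keyUsage value by the two encipherment bits (hypothetical helper)."""
    usage = decode_key_usage(der)
    key = "keyEncipherment" in usage
    data = "dataEncipherment" in usage
    if key and data:
        return "both"
    if key:
        return "keyEncipherment only"
    if data:
        return "dataEncipherment only"
    return "neither"


if __name__ == "__main__":
    # Constructed sample values (not taken from any real certificate).
    samples = {
        "key+data encipherment": bytes.fromhex("03020430"),
        "signature+key encipherment": bytes.fromhex("030205a0"),
        "keyAgreement+decipherOnly": bytes.fromhex("0303070880"),
    }
    for label, der in samples.items():
        print(label, sorted(decode_key_usage(der)), encipherment_profile(der))
```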