Peter, I think your clarification about the distinction between the keyEncipherment bit and the dataEncipherment bit is good. It would be better if RFC 3280 and X.509 could revise the explanation of the dataEncipherment bit based on your clarification. However, I worried that the statement "This (dataEncipherment) bit MUST NOT be set when the intention is to encipher intermediate cryptographic keys rather than raw user data" might mislead the reader to believe that the keyEncipherment bit and the dataEncipherment bit are mutually exclusive. Therefore, I suggest revising the statement as "The dataEncipherment bit should not be used to represent the intention of allowing the enciphering of intermediate cryptographic keys. In that case, the keyEncipherment bit should be set."

Wen-Cheng Wang

----- Original Message -----
From: "Peter Gutmann" <pgut001@xxxxxxxxxxxxxxxxx>
To: <andrewsciberras@xxxxxxxxx>; <pgut001@xxxxxxxxxxxxxxxxx>; <Simon_McMahon@xxxxxxxxxxxxxxxxx>; <wcwang@xxxxxxxxxx>
Cc: <ietf-pkix@xxxxxxxx>
Sent: Wednesday, May 11, 2005 5:39 PM
Subject: Re: key usage - key encipherment or data encipherment

"Wen-Cheng Wang" <wcwang@xxxxxxxxxx> writes:

> It is better to clarify that it is legitimate to assert both the keyEncipherment bit and the dataEncipherment bit in one certificate. In that case, it means that the key (e.g., RSA key) may be used for enciphering intermediate cryptographic keys or directly enciphering raw user data (e.g., user password).

Saying you can use both bits won't help; it still leaves it ambiguous to users as to what dataEncipherment should be used for. One interpretation I've heard of is keyEncipherment = exchange of session keys (SSL), dataEncipherment = data encryption (S/MIME).

Peter.
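The thread above argues about the semantics of two KeyUsage bits; the encoding itself is not in dispute, but it is what a relying party actually inspects. The following is an added example, not code from the thread or from any PKIX implementation: it encodes and decodes the X.509 KeyUsage extension value as a DER BIT STRING using the bit positions RFC 3280 section 4.2.1.3 assigns (keyEncipherment = 2, dataEncipherment = 3), enforces DER's rule that unused trailing bits are zero, and shows that a certificate can legitimately assert both bits while a relying party still checks each one separately for its own purpose. The purpose names passed to may_use_for are my own labels, not anything from the standard.

```python
# Added example: X.509 KeyUsage as a DER BIT STRING (bit numbers from RFC 3280 4.2.1.3).
# Bit 0 is the most significant bit of the first content octet; the first
# content octet of a BIT STRING holds the count of unused trailing bits.
KEY_USAGE_BITS = {
    "digitalSignature": 0, "nonRepudiation": 1, "keyEncipherment": 2,
    "dataEncipherment": 3, "keyAgreement": 4, "keyCertSign": 5,
    "cRLSign": 6, "encipherOnly": 7, "decipherOnly": 8,
}


def encode_key_usage(names):
    """Return the DER encoding of a KeyUsage value with the named bits set."""
    bits = sorted(KEY_USAGE_BITS[n] for n in names)
    if not bits:
        return bytes([0x03, 0x01, 0x00])  # empty BIT STRING
    highest = bits[-1]
    nbytes = highest // 8 + 1
    buf = bytearray(nbytes)
    for b in bits:
        buf[b // 8] |= 0x80 >> (b % 8)
    # DER requires trailing zero bits to be dropped; record how many are unused.
    unused = nbytes * 8 - (highest + 1)
    content = bytes([unused]) + bytes(buf)
    return bytes([0x03, len(content)]) + content


def decode_key_usage(der):
    """Parse a DER BIT STRING and return the set of KeyUsage names that are set."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length > 127 or len(der) != 2 + length:
        raise ValueError("bad or unsupported length")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits count")
    # DER: the unused trailing bits must be zero; reject sloppy encoders.
    if body and body[-1] & ((1 << unused) - 1):
        raise ValueError("non-zero unused bits (not DER)")
    total = len(body) * 8 - unused
    names = set()
    for name, idx in KEY_USAGE_BITS.items():
        if idx < total and body[idx // 8] & (0x80 >> (idx % 8)):
            names.add(name)
    return names


def may_use_for(der, purpose):
    """Relying-party check: each purpose consults exactly one bit, so a
    certificate asserting both keyEncipherment and dataEncipherment passes both."""
    ku = decode_key_usage(der)
    if purpose == "wrap-session-key":      # hypothetical label: e.g. RSA key transport
        return "keyEncipherment" in ku
    if purpose == "encrypt-user-data":     # hypothetical label: raw data under the RSA key
        return "dataEncipherment" in ku
    raise ValueError("unknown purpose: %s" % purpose)


if __name__ == "__main__":
    both = encode_key_usage(["keyEncipherment", "dataEncipherment"])
    print(both.hex(), decode_key_usage(both))
    only_key = encode_key_usage(["keyEncipherment"])
    print(may_use_for(only_key, "wrap-session-key"), may_use_for(only_key, "encrypt-user-data"))
```

A KeyUsage of keyEncipherment plus dataEncipherment encodes as 03 02 04 30 (four unused bits, first octet 0x30), and a relying party that wants to encrypt raw data under a key whose certificate carries only keyEncipherment (03 02 05 20) gets a clean refusal rather than an ambiguous answer.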