R: key usage - key encipherment or data encipherment
I'd suggest modifying the first part as follows (or equivalently):
The keyEncipherment bit is asserted when the subject public key is
used for enciphering private or secret keys, i.e., for key transport.
For example, this bit shall be set when a RSA public key is to be
used for encrypting a symmetric content-decryption key or an
asymmetric private key (e.g. as it occurs in the TLS protocol with
the server's public key).
This would add another bit of clarity to the prescription.
My 2 cents (of Euro :-)
Adriano
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On behalf of Russ Housley
Sent: Thursday, 12 May 2005 21:21
To: ietf-pkix@xxxxxxxx
Subject: Re: key usage - key encipherment or data encipherment
There has been a whole lot of discussion about these paragraphs. Since
some of the discussion has not been CCed to the PKIX mail list, I am
posting the resulting words.
The keyEncipherment bit is asserted when the subject public key is
used for enciphering private or secret keys, i.e., for key transport.
For example, this bit shall be set when a RSA public key is to be
used for encrypting a symmetric content-decryption key or an
asymmetric private key.
The dataEncipherment bit is asserted when the subject public key
is used for directly enciphering raw user data without the use of
an intermediate symmetric cipher. Note that the use of this
bit is extremely uncommon; almost all applications use
key transport or key agreement to establish a symmetric key.
I hope we are close to closure on this one....
Russ
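The distinction drawn in the thread above, as an added example that is not part of either message: a decoder for the DER-encoded KeyUsage BIT STRING plus a check for a key intended for key transport. The function names and sample encodings are constructed for illustration; the bit order follows the X.509 KeyUsage definition.

```python
# Added example. Bit order follows the X.509 KeyUsage BIT STRING definition.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)

def decode_key_usage(der: bytes) -> set:
    """Return the names asserted in a DER-encoded KeyUsage BIT STRING."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a KeyUsage BIT STRING")
    if der[1] != len(der) - 2 or der[1] > 3:
        raise ValueError("bad length for a KeyUsage BIT STRING")
    unused, body = der[2], der[3:]
    if unused > 7 or body[-1] & ((1 << unused) - 1):
        raise ValueError("bad unused-bit count or non-zero padding bits")
    total_bits = len(body) * 8 - unused
    # Named bit i is counted from the most significant bit of the first byte.
    return {
        name for i, name in enumerate(KEY_USAGE_BITS)
        if i < total_bits and body[i // 8] & (0x80 >> (i % 8))
    }

def review_for_key_transport(der: bytes) -> list:
    """Findings for a certificate whose public key is meant for key transport."""
    usages = decode_key_usage(der)
    findings = []
    if "keyEncipherment" not in usages:
        findings.append("keyEncipherment not asserted: key transport is not covered")
    if "dataEncipherment" in usages:
        findings.append("dataEncipherment asserted: direct encryption of raw "
                        "user data is extremely uncommon, confirm it is intended")
    return findings

# Constructed sample encodings (not taken from any real certificate).
SAMPLES = {
    "signature + key transport": bytes.fromhex("030205a0"),
    "dataEncipherment only": bytes.fromhex("03020410"),
    "keyAgreement + decipherOnly": bytes.fromhex("0303070880"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, sorted(decode_key_usage(der)), review_for_key_transport(der))
```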