Peter,
The motivation for the comment was that we've just gone through the keyEncipherment vs. dataEncipherment debate where no-one's quite sure which bits to set for what occasion, and now in an attempt to fix the equally-problematic DS vs. NR we're creating a similar problem: [...]
Fair enough. Problem is we'll apparently never get agreement on what NR/CC means:-(
The digitalSignature bit is asserted when the subject public key is used for verifying digital signatures that are used with an entity authentication service, a data origin authentication service or/and an integrity service. Note that a certificate with only the digitalSignature bit set MUST NOT be used for verifying certificate or CRL signatures.

Sounds good to me.
Cool. Let's see what happens when Denis gets back so,
Stephen.
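
The rule in the proposed digitalSignature text, as an added example that is not part of the original message: a relying-party check that decodes a DER KeyUsage BIT STRING and decides which signatures the key may verify. The function names and purpose labels are hypothetical, the hex values in the note below are constructed, and the use of keyCertSign and cRLSign for certificate and CRL signatures comes from the X.509 KeyUsage definition rather than from the text above.

```python
# Added illustration. Bit order follows the X.509 KeyUsage BIT STRING
# (bit 0 is the most significant bit of the first content octet).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)

# Services the proposed text ties to digitalSignature (labels are hypothetical).
DS_PURPOSES = {"entity_authentication", "data_origin_authentication", "integrity"}


def parse_key_usage(der: bytes) -> frozenset:
    """Decode a DER KeyUsage BIT STRING into the set of asserted bit names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a non-empty DER BIT STRING")
    length = der[1]
    if length != len(der) - 2 or not 2 <= length <= 3:
        raise ValueError("unexpected length for KeyUsage")
    unused, content = der[2], der[3:]
    if unused > 7 or content[-1] & ((1 << unused) - 1):
        raise ValueError("invalid or non-zero unused bits")
    names = set()
    for i in range(len(content) * 8 - unused):
        if content[i // 8] & (0x80 >> (i % 8)):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("bit %d is not defined for KeyUsage" % i)
            names.add(KEY_USAGE_BITS[i])
    return frozenset(names)


def may_verify(usage: frozenset, purpose: str) -> bool:
    """Return True if a key with these KeyUsage bits may verify this kind of signature."""
    if purpose in DS_PURPOSES:
        return "digitalSignature" in usage
    if purpose == "certificate_signature":
        # digitalSignature alone never qualifies here, per the proposed text.
        return "keyCertSign" in usage
    if purpose == "crl_signature":
        return "cRLSign" in usage
    raise ValueError("unknown purpose: " + purpose)
```

For the constructed value `03 02 07 80` (only digitalSignature set), `may_verify` accepts the three digitalSignature services and rejects certificate and CRL signatures; for `03 02 01 86` it accepts all five.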