Stephen Farrell <stephen.farrell@xxxxxxxxx> writes:
> There's a bit (NR/CC) whose meaning has been the subject of loads and loads
> of rambling discussion for ages and ages, and you want to define DS=
> NOT(NR/CC)? Sounds like a great way to spread the NR fuzziness around, i.e. a
> bad idea.
Oh was that what all that was about? I'd gone off to reorganise my sock
drawer and sort my packets of alphabet soup after the first 800 or so messages
went by, so I probably missed some bits.
The motivation for the comment was that we've just gone through the
keyEncipherment vs. dataEncipherment debate where no-one's quite sure which
bits to set for what occasion, and now in an attempt to fix the
equally-problematic DS vs. NR we're creating a similar problem: what do you do
in situations where neither the DS nor CC/NR bits fit? I don't really care how
the bits are defined, as long as it doesn't end up creating uses that can't
be clearly signified with either DS or CC/NR. Without this, we'll get another
situation like the dataEncipherment one where something doesn't fall easily
into either choice, so users and CAs claim that their choice of DS or CC
applies, whatever happens to coincide with what their software does.
> The digitalSignature bit is asserted when the subject public key
> is used for verifying digital signatures that are used
> with an entity authentication service, a data origin authentication
> service or/and an integrity service. Note that a certificate
> with only the digitalSignature bit set MUST NOT be used for
> verifying certificate or CRL signatures.
Sounds good to me.
Peter.
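The rule quoted above (digitalSignature alone MUST NOT be used to verify certificate or CRL signatures) as a relying-party check, added here as an example and not code from the thread or any PKIX implementation. The DER keyUsage BIT STRING decoder, the purpose names and the sample encodings are all constructed for this illustration.

```python
# Added example: decode an X.509 keyUsage BIT STRING (DER tag 0x03) and
# decide whether the key may verify a signature for a given purpose.

KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

# Purpose names are our own; the bit each one requires follows the quoted text:
# DS covers entity/data-origin authentication and integrity, while certificate
# and CRL verification need keyCertSign / cRLSign, never DS on its own.
REQUIRED_BIT = {
    "entity-auth": "digitalSignature",
    "data-origin-auth": "digitalSignature",
    "integrity": "digitalSignature",
    "certificate-signature": "keyCertSign",
    "crl-signature": "cRLSign",
}


def decode_key_usage(der: bytes) -> set:
    """Return the set of named keyUsage bits in a short-form DER BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("unsupported or malformed length")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("bad unused-bits count")
    total_bits = len(body) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 (digitalSignature) is the MSB of the first content octet.
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names


def may_verify(der: bytes, purpose: str) -> bool:
    """True if the keyUsage permits verifying a signature for `purpose`."""
    return REQUIRED_BIT[purpose] in decode_key_usage(der)


# Constructed sample encodings (hand-built, not from any real certificate).
DS_ONLY = bytes.fromhex("03020780")   # 1 bit, 7 unused: digitalSignature
CA_KEY = bytes.fromhex("03020106")    # 7 bits, 1 unused: keyCertSign|cRLSign
DS_NR = bytes.fromhex("030206c0")     # 2 bits, 6 unused: DS|nonRepudiation

if __name__ == "__main__":
    for label, ku in (("DS_ONLY", DS_ONLY), ("CA_KEY", CA_KEY), ("DS_NR", DS_NR)):
        print(label, sorted(decode_key_usage(ku)),
              "cert:", may_verify(ku, "certificate-signature"),
              "crl:", may_verify(ku, "crl-signature"))
```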