RE: 3280bis: key usage (13)
I think my proposal was more expressive but I can live with both.
I'm fine as long as the text expresses this message in a way that is
sufficiently clear. I'm sure David can make something good out of these
proposals.
/Stefan
> -----Original Message-----
> From: Denis Pinkas [mailto:Denis.Pinkas@xxxxxxxx]
> Sent: den 3 juni 2005 12:09
> To: Stefan Santesson
> Cc: ietf-pkix@xxxxxxx
> Subject: Re: 3280bis: key usage (13)
>
> Stefan,
>
> > Just a nit maybe:
> > The following is not untrue but not really what we mean.
>
> >>>> Note that a certificate
> >>>> with only the digitalSignature bit set MUST NOT be used for
> >>>> verifying certificate or CRL signatures.
>
> > For example: Can you use a certificate with DS + NR to validate
> > signatures on certificates? (it has not DS ONLY set).
>
> > I think what we do want to say is something like:
>
> > "Note that verification of CRL and certificate signatures is explicitly
> > excluded from the definition of the digitalSignature bit. These key
> > usage purposes are defined separately by bit 5 and 6."
>
> On the long paved road leading to further improvements, why not say:
>
> "Note that the verification of certificate signatures and CRL signatures
> is only governed by key usage purposes defined by bits 5 and 6
> respectively".
>
> Denis
>
> > /Stefan
> >
> >
> >
> >>-----Original Message-----
> >>From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
> >>On Behalf Of Denis Pinkas
> >>Sent: den 2 juni 2005 11:05
> >>To: Stephen Farrell
> >>Cc: Peter Gutmann; ietf-pkix@xxxxxxx
> >>Subject: Re: 3280bis: key usage (13)
> >>
> >>
> >>
> >>(text deleted)
> >>
> >>
> >>>>> The digitalSignature bit is asserted when the subject public key
> >>>>> is used for verifying digital signatures that are used
> >>>>> with an entity authentication service, a data origin authentication
> >>>>> service or/and an integrity service. Note that a certificate
> >>>>> with only the digitalSignature bit set MUST NOT be used for
> >>>>> verifying certificate or CRL signatures.
> >>>>
> >>>>Sounds good to me.
> >>>
> >>>Cool. Let's see what happens when Denis gets back so,
> >>
> >>This is fine with me. This solves the DS issue.
> >>We still need to solve the NR/CC bit issue.
> >>
> >>Denis
> >>
> >>
> >>>Stephen.
> >>
> >>
> >
> >
>
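
Added example (not part of the thread and not text from RFC 3280): a Python sketch of the check that the wording proposed above implies. It decodes a DER keyUsage BIT STRING and allows certificate or CRL signature verification only when bit 5 or bit 6 respectively is asserted, so the "DS + NR" case raised in the thread is rejected. The function names and the sample encodings are constructed for illustration.

```python
# Added example: names and sample encodings are constructed for illustration.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)
# Per the wording proposed in the thread: bit 5 governs certificate
# signatures, bit 6 governs CRL signatures, and nothing else does.
REQUIRED_BIT = {"certificate": "keyCertSign", "crl": "cRLSign"}


def parse_key_usage(der: bytes) -> frozenset:
    """Decode a DER BIT STRING holding keyUsage into a set of bit names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a non-empty DER BIT STRING")
    length, unused, body = der[1], der[2], der[3:]
    if length >= 0x80 or length != len(der) - 2 or unused > 7:
        raise ValueError("malformed BIT STRING header")
    total_bits = len(body) * 8 - unused
    # Bit 0 is the most significant bit of the first content byte.
    return frozenset(
        name for i, name in enumerate(KEY_USAGE_BITS)
        if i < total_bits and body[i // 8] & (0x80 >> (i % 8))
    )


def may_verify(usage: frozenset, signed_object: str) -> bool:
    """True only if the bit governing this kind of signature is asserted."""
    return REQUIRED_BIT[signed_object] in usage


if __name__ == "__main__":
    samples = {  # constructed DER encodings of keyUsage values
        "DS only": "03020780",
        "DS + NR": "030206c0",
        "keyCertSign + cRLSign": "03020106",
    }
    for label, hexval in samples.items():
        usage = parse_key_usage(bytes.fromhex(hexval))
        print(label, sorted(usage),
              "cert:", may_verify(usage, "certificate"),
              "crl:", may_verify(usage, "crl"))
```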