Re: Binding between keys and schemes?
Pedro,

First, a certificate doesn't purport to characterize the capabilities
of the subject wrt the algorithms with which a public key may be
used. Rather, a certificate expresses the algorithm with which the
key may be used. This is a fine distinction, but we have avoided
loading other user crypto capability info into certs in the past,
e.g., what symmetric crypto algorithms a user's S/MIME implementation
supports.

If a single key can be used with various algorithms, a certificate is
capable of expressing only one, as currently specified, and thus one
might need to have multiple certificates, if multiple algorithms are
to be employed. One might imagine defining an algorithm ID that
captures a set of algorithms with which a key may be used, by the
subject. Syntactically, that has been done in the past, e.g., DMS
certificates specified that the SubjectPublicKey field contained two
keys, one for KEA and one for DSA. It's a hack. The deliberations
that led to X.509 v3 made clear that putting two keys into this field
was discouraged. Still, this example suggests that one might define
an Algorithm ID that conveys a more complex notion of what
algorithm(s) can be used with a key.

Steve
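
Added example, not part of the original message: a minimal DER reader showing that SubjectPublicKeyInfo carries exactly one algorithm OID, so the same key bits bound to two algorithms need two encodings (and hence two certificates). The choice of the rsaEncryption and id-RSASSA-PSS OIDs and the 16-byte key placeholder are assumptions made for illustration.

```python
# SubjectPublicKeyInfo ::= SEQUENCE {
#   algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content octets into dotted notation."""
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_spki(der):
    """Return (algorithm OID, key bits): the structure has one OID slot."""
    tag, spki, _ = read_tlv(der)
    atag, algid, pos = read_tlv(spki)
    otag, oid, _ = read_tlv(algid)
    btag, bits, end = read_tlv(spki, pos)
    if (tag, atag, otag, btag) != (0x30, 0x30, 0x06, 0x03) or end != len(spki):
        raise ValueError("not a well-formed SubjectPublicKeyInfo")
    return decode_oid(oid), bits[1:]  # drop the BIT STRING unused-bits octet

def tlv(tag, value):
    assert len(value) < 128  # short-form lengths suffice for this sample
    return bytes([tag, len(value)]) + value

def make_spki(oid_body, params, key):
    alg = tlv(0x30, tlv(0x06, oid_body) + params)
    return tlv(0x30, alg + tlv(0x03, b"\x00" + key))

KEY = bytes(range(16))  # constructed placeholder, not a real public key
RSA_ENC = bytes.fromhex("2a864886f70d010101")  # rsaEncryption (assumed choice)
RSA_PSS = bytes.fromhex("2a864886f70d01010a")  # id-RSASSA-PSS (assumed choice)
SPKI_RSA = make_spki(RSA_ENC, b"\x05\x00", KEY)  # NULL parameters
SPKI_PSS = make_spki(RSA_PSS, b"", KEY)          # parameters absent
```

Parsing `SPKI_RSA` and `SPKI_PSS` returns identical key bits under different OIDs; nothing in either encoding can say that the key is also usable with the other algorithm.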