[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Interpretation of KeyUsage?

To: "Housley, Russ" <housley@xxxxxxxxxx>
Subject: Re: Interpretation of KeyUsage?
From: Lars Johansson <Lars.Johansson@xxxxxxxxxxxxxx>
Date: Mon, 20 Jan 1997 10:24:34 +0100
Cc: ietf-pkix@xxxxxxxxxx
Organization: PSab
References: <>

Housley, Russ wrote:
> 
> My opinion:
> 
> 1. Authentication is a 'digitalSignature' key.
> 
> 2. Computing digital signatures (e.g. signing legal contracts) is both a
> 'digitalSignature' and a 'nonRepudiation' key.

This would be in line with the recommedation I received from Dennis
Pinkas.
However, I still find it somewhat troublesome. Suppose I want to take
part
in an authentication protocol with somebody with two keys as described
above.
Then which key do I pick? Many service providers may decide that a key
with
nonRepudiation "looks better" since then (they believe that) the other
part 
can't repudiate the authentication protocol.

The point is that authentication and non-repudiation keys may never be
mixed.
This could work with your suggestion as well as long as we're very clear
what
we mean with these key usages. Perhaps this definition would work:

1. Authentication is a key with keyUsage 'digitalSignature' set and
'nonRepudiation' 
   not set.

2. Computing digital signatures (e.g. signing legal contracts) is a key
with both
   keyUsage 'digitalSignature' and 'nonRepudiation' set.

Notice that this definition doesn't differ from yours but it may be
clearer.

> 3. Encryption is a 'keyEncipherment' or 'keyAgreement' key depending on the
> algorithm you use.  RSA is a 'keyEncipherment' key.  Diffie-Hellman is a
> 'keyAgreement' key.

We use RSA and have decided to set the key usage to 'keyEncipherment'.

However, due to backward compatibility reasons, the SEIS specification
also
includes the key usage 'keyAgreement'. The meaning of that alludes to a
protocol
(DASP) defined in the swedish "Allterminal"-project using key-exchange
based on RSA.

Unfortunately the authentication key is used in this protocol. This is
not a good
solution but it was a compromise in order to be backward compatible with
the 
"Allterminal" standard. Nevertheless, it's a lot harder to break this
scheme than
ordinary encryption because, in order to do so, you must attack both the 
communicating parties.

Thanks for your patience and helpful comments!
/Lars Johansson

> ______________________________ Reply Separator _________________________________
> Subject: Interpretation of KeyUsage?
> Author:  Lars Johansson <Lars.Johansson@psab.posten.se> at internet
> Date:    1/17/97 3:06 AM
> 
> Hi all,
> 
> This is a topic that has confused us a great deal
> in the swedish SEIS project (http://www.seis.se).
> One goal of SEIS is to agree on a standard of
> electronic ID-cards (i.e. smart cards primarly
> used for identification). The electronic ID-card
> shall be capable of performing the following
> cryptographic functions (all based on RSA):
> 
> 1. Authentication ("signing" a random challenge).
> 
> 2. Computing digital signatures (e.g. signing
>    legal contracts).
> 
> 3. Encryption
> 
> For each function there is a separate key with a
> corresponding certificate. These three certificates
> must therefore include the X.509v3 extension keyUsage.
> 
> It's quite clear that the encryption key can have the
> usage 'keyEncipherment' but what about the other two?
> 
> After reading the X.509 DAM over and over (and even
> calling Warwick Ford) it was decided that the key we
> use for (what we call) digital signatures (function no. 2)
> would be 'nonRepudiation' in the X.509 terminology.
> 
> This left us with the KeyUsage 'digitalSignatures'
> for the key we use for authentication. Although I think
> this interpretation of X.509v3 is correct it still
> worries me somehow. As we interpret the term authentication,
> it means encrypting some random data with your private key.
> Since the protocol uses random data, this type of signature
> mustn't be mixed with the ones performed on legally binding
> contracts (supporting non-repudiation).
> 
> Now I'd like to know for what other purposes are people
> using keys with the X.509v3 extension 'digitalSignature'?
> As I see it there is a potential risk that the intepretation
> differs from country to country or even from application to
> application.
> 
> Suppose that one service provider on the Internet accepts
> a digitally signed payment order using the extension
> 'digitalSignature' in the corresponding certificate.
> Do you all see the potential risk of fraud to our happily
> unworried swedish inhabitants that use their electronic
> ID-cards for authetication puposes?
> 
> Please comment!
> /Lars Johansson
> Sweden Post

References:
- Re: Interpretation of KeyUsage?
  - From: Housley, Russ

Prev by Date: Re: Interpretation of KeyUsage?
Next by Date: Questions about character sets and their encodings
Previous by thread: Re: Interpretation of KeyUsage?
Next by thread: Re: Interpretation of KeyUsage?
Index(es):
- Date
- Thread