
Re: Interpretation of KeyUsage?



> 
> "My definition" stemmed from the suggestion by Russ Housley. It wasn't 
> my intention to propose a change to the X.509v3 DAM. However, just the
> fact that we're having this discussion indicates that the text in the
> DAM under subclause 12.2.2.3 might be too vague.
>
> [...]
> 
> Have we reached a common understanding of this issue?

Yes, I believe so :-).

I agree that there could be a little more explanation/clarification
(in the form of a "Note --"?) in DAM 1 to X.509, and a lot more in pkix
part 1.  I understand that Hoyt will consider redline changes to the DAM
(ftp://nc-17.ma02.bull.com/pub/OSIdirectory/Certificates/Certificates1Dec...)
in March, despite the document being labeled "Final Final draft (1 December)",
so perhaps a small clarification is possible.

I also agree that it is necessary to be able to issue a non-repudiation
key that should not be used for authentication (although it's up to the
signer, not the verifier as in most other cases, to enforce that
restriction).  It's also a good idea for signers never to sign
a bare "random" challenge, for the reason you suggest.  The signer
should always mix in his own random component before signing, and
the bank should never honor an e-check of the form
"pay $1000 <random garbage>" or "<random garbage> pay $1000"; it
should verify that the transaction is in the exact form required.
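A worked illustration of the two rules discussed here, added as an example and not code from this thread or from the X.509 DAM: decoding the KeyUsage BIT STRING into named bits, the signer-side check that a nonRepudiation-only key is not used to answer authentication challenges, and a bank-side exact-form check for an e-check that carries the signer's own random component. The e-check text format and its field names are assumed for illustration only.

```python
import re
import secrets

# Bit positions as in the X.509 KeyUsage ASN.1 definition (bit 0 = MSB).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

def parse_key_usage(der: bytes) -> set[str]:
    """Decode a DER BIT STRING (tag 0x03, short-form length) into named bits."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length > 0x7F or len(der) != 2 + length:
        raise ValueError("bad or unsupported length")
    unused, body = der[2], der[3:]   # first content octet = unused bits count
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits octet")
    named = set()
    for i in range(len(body) * 8 - unused):
        if body[i // 8] & (0x80 >> (i % 8)):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError(f"undefined KeyUsage bit {i}")
            named.add(KEY_USAGE_BITS[i])
    return named

def signer_may_sign(usage: set[str], purpose: str) -> bool:
    """Signer-side rule: answering an authentication challenge needs the
    digitalSignature bit, so a nonRepudiation-only key refuses it."""
    if purpose == "authentication":
        return "digitalSignature" in usage
    if purpose == "non-repudiation":
        return "nonRepudiation" in usage
    raise ValueError(f"unknown purpose {purpose!r}")

# Assumed e-check format: fixed wording plus the signer's own 128-bit nonce.
ECHECK_RE = re.compile(r"pay \$(\d+) to ([A-Za-z0-9_]+) nonce=([0-9a-f]{32})")

def make_echeck(amount: int, payee: str) -> str:
    """Signer mixes in its own random component instead of signing a bare challenge."""
    return f"pay ${amount} to {payee} nonce={secrets.token_hex(16)}"

def parse_echeck(payload: str):
    """Bank side: accept only the exact required form; prefix/suffix garbage fails."""
    m = ECHECK_RE.fullmatch(payload)
    return None if m is None else (int(m[1]), m[2], m[3])
```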