Re: PKIX-1 key purpose
> From: Russ Housley <housley@spyrus.com>
>
> Peter:
>
> I think that ObjectSigning could be more confusing than CodeSigning.
> Object Oriented Programming has nothing to do with the kind of Object you
> are proposing. Maybe ObjectCodeSigning is better than either of the
> earlier choices....
I'll have to agree with Peter on this one. "Web objects" includes
more than just "code" or "object code" -- it's not just Java applets but
also text and images and metadata and manifests -- anything that can be
conveyed in an HTML page.
> At 04:02 AM 8/29/97 -0700, Peter Williams wrote:
> >PKIX-1 says, in respect of the use of TLS to support http:-
> >
> >"id-kp-clientAuth OBJECT IDENTIFIER ::= {id-kp 2}
> > -- TLS Web client authentication
> > -- Key usage bits that may be consistent: digitalSignature
> >
> >To support TLS cipherSuite in which persistent D-H certificates
> >are issued to UAs (and thereby client authentication is not
> >performed using digital signature mechanisms) id-kp-clientAuth
> >should be extended in the bits that may be consistent:-
> > -- Key usage bits that may be consistent: digitalSignature
> >should be augmented to include keyAgreement.
Agree.
> > [for ObjectSigning]
> >
> >The consistent usage bits should be augmented to include
> >non-repudiation. There is no less non-repudiable
> >grade service requirements for signing an interpreted install script,
> >HTML page, or an exe/dll/class file, than for signing an email.
I think I agree. My inclination is to reserve "non-repudiation" exclusively
for keys intended to be interpreted as legally binding upon the signer,
in which case most email signing keys should be regarded as "data origin
authentication", not NR. But given that signed email is currently
designated as NR, certainly signed objects should be regarded as NR too.
There is at least as much deliberate user action involved in signing an
object, and at least as much intent to vouch for the content.
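
The id-kp-clientAuth change discussed in this thread, as an added example that is not part of the original message: it decodes a DER keyUsage BIT STRING and evaluates it against the draft's consistent-bit list and against the proposed list that adds keyAgreement. The function names, the rule table, the sample encodings and the "at least one listed bit is asserted" reading of "consistent" are assumptions of this example.

```python
# Added example; rule tables and sample encodings are constructed for illustration.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

# Bits listed as consistent with id-kp-clientAuth: the draft text quoted in the
# thread, and the same list with the proposed keyAgreement addition.
CLIENT_AUTH_RULES = {
    "draft": {"digitalSignature"},
    "proposed": {"digitalSignature", "keyAgreement"},
}

def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (short-form length only) into KeyUsage bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("invalid unused-bit count")
    if content and content[-1] & ((1 << unused) - 1):
        raise ValueError("padding bits must be zero in DER")
    total_bits = len(content) * 8 - unused
    return {name for i, name in enumerate(KEY_USAGE_BITS)
            if i < total_bits and content[i // 8] & (0x80 >> (i % 8))}

def client_auth_allowed(key_usage_der: bytes, ruleset: str) -> bool:
    """Assumed reading of 'consistent': at least one listed bit is asserted."""
    return bool(decode_key_usage(key_usage_der) & CLIENT_AUTH_RULES[ruleset])

# Constructed keyUsage extension values (DER), not taken from real certificates.
SAMPLES = {
    "signing client cert": bytes.fromhex("03020780"),    # digitalSignature
    "fixed D-H client cert": bytes.fromhex("03020308"),  # keyAgreement
    "encryption-only cert": bytes.fromhex("03020520"),   # keyEncipherment
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, sorted(decode_key_usage(der)),
              {r: client_auth_allowed(der, r) for r in CLIENT_AUTH_RULES})
```

Only the fixed D-H certificate changes outcome between the two rule sets, which is the case the proposal in the thread is about.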