[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IETF-PKIX] digitalSignature vs. nonRepudiation
Let me get one thing straight: I am avidly against recommending any
changes to X.509. It's taken too long to get where it is, and I am
against further inhibiting it.
I am all for profiling the key usages and clarifying their use for the
community in question. We have a tool, keyUsages. It's up to us to
figure out how to best use it.
Hal Lockhart wrote:
> At 05:14 PM 11/25/97 -0700, Bob Jueneman wrote:
> >I'd like to think that those who have ventured an opinion in this area are
> >reasonably knowledgable about the subject.
> >But if we cannot agree as what these bits mean, it is not likely that either
> >CAs or client software will understand or correctly implement the semantics,
> >no matter what the bottom line is.
> >Maybe we should just deprecate the whole X.509 keyUsage flags entirely --
> >they seem to be doing more harm than good.
> >Can someone make a case for why we should bother with them, if there is this
> >much confusion about their meaning?
> The usual reason given is that in some security domains, there is a desire
> to use certain keys only for certain purposes. In these domains, the CA
> wishes to enforce these policies by marking the certs as to the allowable
> usage(s). A couple of examples:
> A) I may have a (relatively) short key that I use in my smart card to login
> to online services. My smart card processor is slow, so I need to use a
> short key to keep the time reasonable. On the other hand, I have a very
> long key I use for signing contracts that may be in force for 30 years or
> B) My organization wishes to be able to recover data that has been
> encrypted in an emergency. For this reason, keys used for encrypting data
> are duplicated in some offline storage. However, it is both unnecessary
> and undesirable to copy keys used for signatures. Therefore the certs
> indicate the allowed uses.
> I think this discussion has confused two problems. If we separate them, we
> may be able to make some progress.
> 1) Assuming you accept the need to identify the permitted uses of a key,
> there needs to be some list of possible uses. As David Kemp has explained
> previously, the ones that have to do with signing things currently are:
> f) sign a cert
> g) sign a CRL
> b) sign user data
> a) sign something else (usually means sign ephemeral data as part of an
> authentication protocol)
> So the first issue is: are these the right categories? My sense is that
> most people on the list think they are. Since we are profiling X.509, I
> believe our only choices are a) accept the categories or b) leave out key
> usage entirely.
> 2) What should we call the categories? Here there is general agreement
> that the choice of nonrepudiation for (b) and digital signature for (a) is
> confusing. Many people look at these terms and apply all kinds of
> additional semantics to them.
> I am not sure what the rules allow, but David's message (and others)
> suggest that we can choose new terms that will not produce confusion. I
> heard suggestions like "sign data" for (b) and either "authentication" or
> "other" for (a). If this is allowed, let's agree on new, less confusing
> terms and stop debating whether the use of the "nonrepudiation" bit implies
> something about the CA's insurance coverage. ;-)
> Harold W. Lockhart Jr. Platinum Solutions Inc.
> Chief Technical Architect 8 New England Executive Park
> Email: firstname.lastname@example.org Burlington, MA 01803 USA
> Voice: (781)273-6406 Fax: (781)229-2969