Re: [IETF-PKIX] digitalSignature vs. nonRepudiation

[Simonetti David <simonetti_david@xxxxxxx>]

Let me get one thing straight:  I am avidly against recommending any
changes to X.509.  It's taken too long to get where it is, and I am
against further inhibiting it.

I am all for profiling the key usages and clarifying their use for the
community in question.  We have a tool, keyUsages.  It's up to us to
figure out how to best use it.

Dave Simonetti

Hal Lockhart wrote:
>
> At 05:14 PM 11/25/97 -0700, Bob Jueneman wrote:
>
> >I'd like to think that those who have ventured an opinion in this area are
> >reasonably knowledgable about the subject.
> >
> >But if we cannot agree as what these bits mean, it is not likely that either
> >CAs or client software will understand or correctly implement the semantics,
> >no matter what the bottom line is.
> >
> >Maybe we should just deprecate the whole X.509 keyUsage flags entirely --
> >they seem to be doing more harm than good.
> >
> >Can someone make a case for why we should bother with them, if there is this
> >much confusion about their meaning?
>
> The usual reason given is that in some security domains, there is a desire
> to use certain keys only for certain purposes.  In these domains, the CA
> wishes to enforce these policies by marking the certs as to the allowable
> usage(s). A couple of examples:
>
> A) I may have a (relatively) short key that I use in my smart card to login
> to online services.  My smart card processor is slow, so I need to use a
> short key to keep the time reasonable. On the other hand, I have a very
> long key I use for signing contracts that may be in force for 30 years or
> more.
>
> B) My organization wishes to be able to recover data that has been
> encrypted in an emergency.  For this reason, keys used for encrypting data
> are duplicated in some offline storage.  However, it is both unnecessary
> and undesirable to copy keys used for signatures.  Therefore the certs
> indicate the allowed uses.
>
> I think this discussion has confused two problems.  If we separate them, we
> may be able to make some progress.
>
> 1) Assuming you accept the need to identify the permitted uses of a key,
> there needs to be some list of possible uses.  As David Kemp has explained
> previously, the ones that have to do with signing things currently are:
>
> f) sign a cert
> g) sign a CRL
> b) sign user data
> a) sign something else (usually means sign ephemeral data as part of an
> authentication protocol)
>
> So the first issue is: are these the right categories?  My sense is that
> most people on the list think they are.  Since we are profiling X.509, I
> believe our only choices are a) accept the categories or b) leave out key
> usage entirely.
>
> 2) What should we call the categories?  Here there is general agreement
> that the choice of nonrepudiation for (b) and digital signature for (a) is
> confusing.  Many people look at these terms and apply all kinds of
> additional semantics to them.
>
> I am not sure what the rules allow, but David's message (and others)
> suggest that we can choose new terms that will not produce confusion.  I
> heard suggestions like "sign data" for (b) and either "authentication" or
> "other" for (a).  If this is allowed, let's agree on new, less confusing
> terms and stop debating whether the use of the "nonrepudiation" bit implies
> something about the CA's insurance coverage. ;-)
>
> Hal
>
> =================================================================
> Harold W. Lockhart Jr.            Platinum Solutions Inc.
> Chief Technical Architect         8 New England Executive Park
> Email: hal@platsol.com            Burlington, MA 01803 USA
> Voice: (781)273-6406              Fax: (781)229-2969
> =================================================================