[IETF-PKIX] Suggestions for Key Usage Profile

[Simonetti David <simonetti_david@xxxxxxx>]

Tim (et al),

As you stated at the meeting last week with respect to the key usage
profile, I
agree that PKIX should not restrict the bit combinations.  However, I
think the previous discussions on this topic proved obvious that there
are multiple interpretations of these bits.

In an attempt to clarify the meaning of several of the bits, I suggest
the following editorial changes to PKIX-1:

Section 4.2.1.3, paragraph beginning with "The digitalSignature bit is
asserted...", add the following, "The digitalSignature bit should be set
when the key is for use in ephemeral applications, e.g., for a single
session authentication application such as SSL."

Paragraph beginning with "The nonRepudiation bit is asserted...", add
the following, "The nonRepudiation bit should be set when when the key
is used to sign an object which may require the validation of the
signature at a future time."

I also suggest adding, "If the key may be used for both digitalSignature
and nonRepudiation applications, both bits may be set."

Finally, after the descriptions of encipherOnly and decipherOnly I
suggest adding the following:

"The encipherOnly and decipherOnly key usages are intended to provide
support for key agreement schemes where separate shared secret keys are
used in each direction of communication.  In such a scheme, a user has
more than one set of key pairs and bits 7 (encipherOnly) and 8
(decipherOnly) are used to distinguish between the two types.  The
originator of a message would use the recipient's public key certificate
with bits 4 (keyAgreement) and 7 (encipherOnly) to create a key
encryption key.  The recipient would use the originator's certificate
with bits 4 (keyAgreement) and 8 (decipherOnly) to create the key
encryption key.  Typically the originator would pass his own certificate
with bits 4 and 8 along with the message."

Regards,

Dave Simonetti