
Re: KeyUsage (keyEncipherment versus dataEncipherment)



Petra:

I agree with Steve, it should be keyEncipherment.

Please take a look at draft-ietf-smime-cert-04.txt, S/MIME Version 3
Certificate Handling.

Russ


At 04:37 PM 8/5/98 -0400, Stephen Kent wrote:
>Petra,
>
>>Which bits need to be asserted in a certificate which I want to use
>>e.g. for encrypting emails ?
>>Using the hybrid method (data is encrypted symmetrically and the
>>symmetric key is encrypted asymmetrically) a certified asymmetric key
>>will be used for keyEncipherment, but I assume dataEncipherment is the
>>bit to be asserted, because I'm using the certified key for
>>confidentiality and protection of the data. Or should maybe both bits
>>be asserted in an encryption certificate ?
>
>I'd suggest that the keyEncipherment flag is appropriate, since the key in
>the cert is used to encipher the message key.  The fact that the message
>key is used for data encipherment is not relevant, as that is another level
>removed.
>
>Steve
>
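
Added example, not part of the original messages: a decoder for the DER-encoded KeyUsage BIT STRING and a check that a certificate's key may be used to encipher the message key in the hybrid scheme discussed above. The function names and the sample encodings are constructed for illustration; the bit order is the one defined for the X.509 KeyUsage extension (RFC 5280, section 4.2.1.3).

```python
# Named bits of the X.509 KeyUsage extension, in bit-number order (bit 0 first).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]


def decode_key_usage(der: bytes) -> set:
    """Return the names of the bits asserted in a DER BIT STRING KeyUsage value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or (unused and not payload):
        raise ValueError("invalid unused-bit count")
    # DER requires the unused trailing bits of the last octet to be zero.
    if payload and payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits are not zero")
    asserted = set()
    for number, name in enumerate(KEY_USAGE_BITS):
        octet, bit = divmod(number, 8)
        # Bit 0 is the most significant bit of the first payload octet.
        if octet < len(payload) and payload[octet] & (0x80 >> bit):
            asserted.add(name)
    return asserted


def usable_for_key_transport(der: bytes) -> bool:
    """True if the certified key may encipher a symmetric message key."""
    return "keyEncipherment" in decode_key_usage(der)


if __name__ == "__main__":
    # Constructed sample encodings of the extension value.
    samples = {
        "encryption cert (keyEncipherment)": b"\x03\x02\x05\x20",
        "dataEncipherment only": b"\x03\x02\x04\x10",
        "dual use (digitalSignature + keyEncipherment)": b"\x03\x02\x05\xa0",
    }
    for label, value in samples.items():
        print(label, sorted(decode_key_usage(value)),
              "key transport ok" if usable_for_key_transport(value) else "rejected")
```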