German Key Usage
I am struggling with the question of the usage of the non-Repudiation Key
Usage bit. In a previous discussion, I claimed that the correct way would be
to have different keys for Authentication (performed automatically, for
example SSL client authentication) and Non-Repudiation (for legally binding
digital signatures, where the user should be made aware of what he is
signing). For the first key, the digitalSignature bit should be set, and for
the second key the nonRepudiation bit should be set.
As you all know, the Germans are now writing all the regulations and
specifications for putting their new Digital Signature Law into effect. They
have recently published version 2.0 of their Certificate Specifiation, which
is very thorough and detailed, and can be found at
http://www.bsi.bund.de/aufgaben/projekte/pbdigsig/download/a1-v2.zip
Regarding Key Usage, they write (my translation):
"The usage of the two bits digitalSignature and nonRepudiation differ in
such a way that the Authentication process usually is automatic and quite
frequent, whereas Digital Signatures for binding agreements are performed
consciously and less frequently by the certificate holder".
They then refer to the ISO Draft 15782 (Banking - Certificate Management
Part 1: Public Key Certificates) and state that only Combination 2 from that
specification should be used, where BOTH digitalSignature and
nonRepudiation are set. At the same time, they say that these "User
certificates shall not be used for Authentication purposes". This is of
course because their specification only concerns certificates for legally
binding digital signatures, i.e. nonRepudiation.
It is quite evident that they interpret the nonRepudiation bit as an
ADDITIONAL function for the digitalSignature mechanism, which is quite in
line with what Denis Pinkas wrote to me earlier:
---------------------------
"A long time ago, when participating in the ISO work I advocated for
the addition of the NR bit.
To paraphrase what I already said: the digital signature bit is a
MECHANISM bit, while the non repudiation bit is a SERVICE bit.
When the digital signature bit is set, it means that the algorithm
specifies both the hash function and an asymmetric algorithm. In this
way, you know it is not an encryption key.
If the NR bit is not set, then the signed info is not valid for any
evidence. The key can however be used for an authentication or an
integrity service if the bit is set. My own view is that ONE SERVICE bit
should be set when the digital signature (MECHANISM) bit is set.
Denis"
----------------------------
Is Denis' and the German interpretation of the nonRepudiation bit right or
wrong?
I would be very happy if someone who participated in the original writing of
the X.509 specification could clarify the meaning of this bit and how it
should be used. We need to have a common understanding and usage of this!
Regards
Hans Nilsson
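As an added illustration (not part of Hans's message or of the German specification), the following Python encodes the X.509 KeyUsage BIT STRING by hand and applies the "mechanism bit / service bit" reading discussed above to decide what a key may be used for. The bit numbers are those of X.509 (digitalSignature = 0, nonRepudiation = 1); treating nonRepudiation without digitalSignature as inconsistent is my own assumption drawn from Denis's argument.

```python
# Added example, not from the original post. KeyUsage is an X.509 BIT STRING
# (DER tag 0x03); bit 0 = digitalSignature, bit 1 = nonRepudiation.
DIGITAL_SIGNATURE = 0
NON_REPUDIATION = 1
KEY_ENCIPHERMENT = 2

def encode_key_usage(bits):
    """DER-encode KeyUsage from a set of named bit numbers. DER drops trailing
    zero bits, so the length follows the highest set bit; the first content
    octet is the count of unused bits in the final octet."""
    if not bits:
        return b"\x03\x01\x00"          # empty BIT STRING
    highest = max(bits)
    nbytes = highest // 8 + 1
    value = bytearray(nbytes)
    for b in bits:
        value[b // 8] |= 0x80 >> (b % 8)  # bit 0 is the MSB of the first octet
    unused = nbytes * 8 - (highest + 1)
    content = bytes([unused]) + bytes(value)
    return b"\x03" + bytes([len(content)]) + content

def decode_key_usage(der):
    """Inverse of encode_key_usage: return the set of named bits that are set."""
    if der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    content = der[2:2 + der[1]]
    unused = content[0]
    total = (len(content) - 1) * 8 - unused
    return {b for b in range(total)
            if content[1 + b // 8] & (0x80 >> (b % 8))}

def signature_key_role(bits):
    """Classify a key as the post reads the bits: digitalSignature is the
    MECHANISM bit, nonRepudiation the SERVICE bit."""
    ds = DIGITAL_SIGNATURE in bits
    nr = NON_REPUDIATION in bits
    if ds and nr:
        # ISO 15782 "combination 2" as the German spec uses it: evidence-grade
        # signatures only; such certificates are not to be used for authentication.
        return {"authentication": False, "evidence": True}
    if ds:
        # Automatic, frequent use (e.g. SSL client auth); signed data is not evidence.
        return {"authentication": True, "evidence": False}
    if nr:
        # Assumption: a service bit without its mechanism bit is inconsistent.
        raise ValueError("nonRepudiation set without digitalSignature")
    return {"authentication": False, "evidence": False}

# Example: the German "combination 2" certificate encodes as 03 02 06 C0.
print(encode_key_usage({DIGITAL_SIGNATURE, NON_REPUDIATION}).hex())
```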