[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: German Key Usage
Sorry for being a little bit hasty in my last reply to this subject.
After inspecting all these definitions of key usage it seams obvious that
there is a great majority for having the definition:
Digital signatures: for verifying digital signatures for purposes other
than non-repudiation (and CRL + cert sign).
There is only different ways to expless it and to define the difference
between DS and non-repudiation.
This indicates that the digitalSignature and the non-repudiation bits
are independent with separate meanings and that the PKIX definitions are
compliant to this.
It is worrying though if ISO Draft 15782 and German signature law has
come to a different conclusion.
Simonetti David wrote:
<snip>
>You may note
>the difference between the PKIX profile and the others is the use of the
>term "ephemeral". Some have balked at the use of this term in an
>international standard, but if someone has a better suggestion then I'd
>like to hear it.
>
The aspect of the signers consious acceptance of signed messege context
could be used to enhance the distinction.
I do beleve that this is one of the most important purposes of sperating keys
for authentication and non-repudiation signing. I.e. The key marked for non-
repudiation shall not be used without a consious will from the signer to
sign this message context while the authentication key is used unconsiously.
Having this separation can signifcantly increase the evidence value of
a signature made with a key exclusively marked for non-repudiation.
/Stefan Santesson
-------------------------------------------------------------------
Stefan Santesson <stefan@accurata.se>
Accurata Systemsäkerhet AB
Lotsgatan 27 D Tel. +46-40 152211
216 42 Malmö Fax. +46-40 150790
Sweden Mobile +46-70 5247799
PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------