[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: German Key Usage

To: Stefan Santesson <stefan@xxxxxxxxxxx>, Simonetti David <simonetti_david@xxxxxxx>
Subject: RE: German Key Usage
From: Blake Greenlee <blake.greenlee@xxxxxxxxxxxxxxx>
Date: Thu, 13 Aug 1998 09:29:57 -0400
Cc: Hans Nilsson <hans.nilsson@xxxxxxxx>, ietf-pkix@xxxxxxx, "'Cert-Talk'" <cert-talk@xxxxxxxxxxxxxxxxxx>, Blake Greenlee <blake.greenlee@xxxxxxxxxxxx>
Importance: Normal
In-reply-to: <>
Reply-to: blake.greenlee@xxxxxxxxxxxx
Sender: owner-ietf-pkix@xxxxxxx

Dear Folks:

The latest draft (and to go back to ballot in five days) version of
CD-15782-1 has the following definitions:

Comments are invited!

Blake

-----Original Message-----
From:	Stefan Santesson [mailto:stefan@accurata.se]
Sent:	Thursday, August 13, 1998 8:47 AM
To:	Simonetti David
Cc:	Hans Nilsson; ietf-pkix@imc.org; 'Cert-Talk'; Blake Greenlee
Subject:	Re: German Key Usage

Sorry for being a little bit hasty in my last reply to this subject.

After inspecting all these definitions of key usage it seams obvious that
there is a great majority for having the definition:

Digital signatures: for verifying digital signatures for purposes other
                    than non-repudiation (and CRL + cert sign).

There is only different ways to expless it and to define the difference
between DS and non-repudiation.

This indicates that the digitalSignature and the non-repudiation bits
are independent with separate meanings and that the PKIX definitions are
compliant to this.

It is worrying though if ISO Draft 15782 and German signature law has
come to a different conclusion.

Simonetti David wrote:
<snip>
>You may note
>the difference between the PKIX profile and the others is the use of the
>term "ephemeral".  Some have balked at the use of this term in an
>international standard, but if someone has a better suggestion then I'd
>like to hear it.
>

The aspect of the signers consious acceptance of signed messege context
could be used to enhance the distinction.

I do beleve that this is one of the most important purposes of sperating
keys
for authentication and non-repudiation signing. I.e. The key marked for non-
repudiation shall not be used without a consious will from the signer to
sign this message context while the authentication key is used unconsiously.

Having this separation can signifcantly increase the evidence value of
a signature made with a key exclusively marked for non-repudiation.

/Stefan Santesson

-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB
Lotsgatan 27 D                  Tel. +46-40 152211
216 42  Malmö                   Fax. +46-40 150790
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------

Attachment: Key Usage text Word6-95.doc
Description: MS-Word document

References:
- Re: German Key Usage
  - From: Stefan Santesson

Prev by Date: Re: German Key Usage
Next by Date: RE: ldapv2-schema and CA Certificates
Previous by thread: Re: German Key Usage
Next by thread: RE: German Key Usage
Index(es):
- Date
- Thread