RE: Key Usage in ISO 15782
Blake,
Now that I have looked up "ephemeral" in a dictionary (it means short-lived,
"only for a day", just like those beautiful insects), I think that the
definitions a) and b) are good.
However, I then cannot understand why the document later states that "When
the nonRepudiation bit is set, the digitalSignature bit shall always be set".
Of course, one should be allowed to specify that a key ONLY should be used
for long-term signatures (non-repudiation) and not anything else. When both
bits are set, as required in 15782, it means that the key always may be used
for ephemeral data also.
And the statement above is also in conflict with the new table 8, where ANY
combination is allowed for the two bits in combinations 1 and 2 (and I can
see no difference between combinations 1 and 2!).
I think this should be changed in 15782 (and consequently in the German
spec), by
- deleting the sentence above
- allowing just one bit in each of combinations 1 and 2 (digSignature and
nonRepudiation respectively)
Hans
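
The conflict raised in the message above, as an added example that is not part of the original post or of ISO 15782: it decodes a DER-encoded X.509 KeyUsage BIT STRING and evaluates the quoted sentence next to one reading of the proposed change. The function names and sample encodings are constructed for illustration, and treating the proposal as "exactly one of the two bits" is an assumption.

```python
# Added illustration; function names are hypothetical, sample encodings constructed.
# Named bits of the X.509 KeyUsage BIT STRING (RFC 5280), bit 0 first.
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)

def parse_key_usage(der: bytes) -> frozenset:
    """Decode a DER BIT STRING (short-form length) into KeyUsage bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("bad length")
    unused, content = der[2], der[3:]
    if unused > 7 or (unused and not content):
        raise ValueError("bad unused-bits count")
    if content and content[-1] & ((1 << unused) - 1):
        raise ValueError("padding bits must be zero in DER")
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        byte_i, bit_i = divmod(i, 8)  # bit 0 is the MSB of the first byte
        if byte_i < len(content) and content[byte_i] & (0x80 >> bit_i):
            names.add(name)
    return frozenset(names)

def satisfies_quoted_rule(usage) -> bool:
    """Quoted sentence: nonRepudiation set implies digitalSignature set."""
    return "nonRepudiation" not in usage or "digitalSignature" in usage

def proposed_combination(usage):
    """Assumed reading of the proposal: exactly one of the two bits.
    Returns 1 (digitalSignature only), 2 (nonRepudiation only) or None."""
    sig = {"digitalSignature", "nonRepudiation"} & usage
    if sig == {"digitalSignature"}:
        return 1
    if sig == {"nonRepudiation"}:
        return 2
    return None

# Constructed DER encodings of the KeyUsage value.
SAMPLES = {"ds_only": "03020780", "nr_only": "03020640", "both": "030206c0"}

def compare() -> dict:
    """Map each sample to (quoted rule satisfied, proposed combination)."""
    parsed = {k: parse_key_usage(bytes.fromhex(v)) for k, v in SAMPLES.items()}
    return {k: (satisfies_quoted_rule(u), proposed_combination(u))
            for k, u in parsed.items()}

if __name__ == "__main__":
    for label, result in compare().items():
        print(label, result)
```

A key marked nonRepudiation only is rejected by the quoted sentence but is exactly combination 2 under this reading of the proposal, while a key with both bits set passes the quoted sentence and fits neither combination.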