
RE: German Key Usage



I have long been worried about the implications of using a generic
signature certificate for automated authentication purposes (many
times without a user's knowledge) and using the same certificate
for non-repudiation purposes.

Stefan's interpretation and discussion makes me feel much more
comfortable. But what is the "rest of the story"? This approach
appears to create some complexities that may not have been
considered in other interpretations of the standards in many different
areas. Basically, we are now talking about a minimum of three
certificates being required to supply an individual a basic set of
functions (Authentication, Non-Repudiation, and Encryption).

Larry

-----Original Message-----
From:	Stefan Santesson [SMTP:stefan@accurata.se]
Sent:	Thursday, August 13, 1998 7:47 AM
To:	Simonetti David
Cc:	Hans Nilsson; ietf-pkix@imc.org; 'Cert-Talk'; Blake Greenlee
Subject:	Re: German Key Usage

[snip]

I do believe that this is one of the most important purposes of separating keys
for authentication and non-repudiation signing. I.e. the key marked for
non-repudiation shall not be used without a conscious will from the signer to
sign this message context, while the authentication key is used unconsciously.

Having this separation can significantly increase the evidence value of
a signature made with a key exclusively marked for non-repudiation.

/Stefan Santesson


-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB
Lotsgatan 27 D                  Tel. +46-40 152211              
216 42  Malmö                   Fax. +46-40 150790
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------
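The separation both messages argue for lives in the X.509 keyUsage extension: an authentication key carries digitalSignature, a deliberate-signing key carries nonRepudiation, and an encryption key carries keyEncipherment or keyAgreement. As an added example (not code from the thread or from Accurata), the following decodes a DER keyUsage BIT STRING with the standard library only and applies a relying-party policy of the strict kind the thread describes. The policy rules (an authentication key may not carry nonRepudiation, a non-repudiation key may carry nothing else, an encryption key carries no signature bits) and the sample keyUsage values are assumptions constructed for illustration, not a quoted profile.

```python
# Added example (not from the thread): a DER keyUsage decoder plus a
# hypothetical relying-party policy enforcing the key separation the
# thread discusses. Bit names follow the X.509 KeyUsage definition;
# the policy rules and sample values below are assumptions.
from enum import IntEnum


class KeyUsage(IntEnum):
    """Bit positions of the X.509 keyUsage BIT STRING."""
    digitalSignature = 0
    nonRepudiation = 1      # later X.509 editions call this contentCommitment
    keyEncipherment = 2
    dataEncipherment = 3
    keyAgreement = 4
    keyCertSign = 5
    cRLSign = 6
    encipherOnly = 7
    decipherOnly = 8


def encode_key_usage(bits):
    """DER-encode a keyUsage BIT STRING; DER drops trailing zero bits."""
    bits = {KeyUsage(b) for b in bits}
    if not bits:
        return b"\x03\x01\x00"          # empty BIT STRING
    highest = max(bits)
    nbytes = highest // 8 + 1
    body = bytearray(nbytes)
    for b in bits:
        body[b // 8] |= 0x80 >> (b % 8)  # bit 0 is the most significant bit
    unused = nbytes * 8 - (highest + 1)
    return bytes([0x03, nbytes + 1, unused]) + bytes(body)


def decode_key_usage(der):
    """Decode a DER keyUsage BIT STRING into a set of KeyUsage bits.

    Malformed encodings are rejected rather than guessed at: a relying
    party that tolerates a bad keyUsage cannot enforce any separation policy.
    """
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("bad or non-short-form length")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bit count")
    if unused and body[-1] & ((1 << unused) - 1):
        raise ValueError("padding bits are not zero")
    bits = set()
    for i in range(len(body) * 8 - unused):
        if body[i // 8] & (0x80 >> (i % 8)):
            if i > KeyUsage.decipherOnly:
                raise ValueError(f"unknown keyUsage bit {i}")
            bits.add(KeyUsage(i))
    return bits


def allowed_for(der, purpose):
    """Strict three-key policy (an assumption, not a quoted standard).

    authentication  -> digitalSignature set and nonRepudiation NOT set, so an
                       unattended protocol can never spend a non-repudiation key
    non-repudiation -> the key is marked for nothing but nonRepudiation
    encryption      -> keyEncipherment or keyAgreement, and no signature bits
    """
    ku = decode_key_usage(der)
    sig_bits = {KeyUsage.digitalSignature, KeyUsage.nonRepudiation}
    if purpose == "authentication":
        return KeyUsage.digitalSignature in ku and KeyUsage.nonRepudiation not in ku
    if purpose == "non-repudiation":
        return ku == {KeyUsage.nonRepudiation}
    if purpose == "encryption":
        enc_bits = {KeyUsage.keyEncipherment, KeyUsage.keyAgreement}
        return bool(ku & enc_bits) and not (ku & sig_bits)
    raise ValueError(f"unknown purpose {purpose!r}")


def purposes_covered(key_usages):
    """Map each purpose to the index of the first certificate usable for it, or None."""
    result = {}
    for purpose in ("authentication", "non-repudiation", "encryption"):
        result[purpose] = next(
            (i for i, der in enumerate(key_usages) if allowed_for(der, purpose)), None)
    return result


# Constructed sample keyUsage values (no real certificates involved).
GENERIC_SIG_KU = encode_key_usage({KeyUsage.digitalSignature, KeyUsage.nonRepudiation})
AUTH_KU = encode_key_usage({KeyUsage.digitalSignature})
NR_KU = encode_key_usage({KeyUsage.nonRepudiation})
ENC_KU = encode_key_usage({KeyUsage.keyEncipherment})

if __name__ == "__main__":
    # A single generic signature certificate covers no purpose under the strict policy,
    # while the three separated certificates cover all three.
    print(purposes_covered([GENERIC_SIG_KU]))
    print(purposes_covered([AUTH_KU, NR_KU, ENC_KU]))
```

Run as a script, the first dictionary has every purpose mapped to None and the second maps each purpose to a different certificate, which is the "minimum of three certificates" consequence in executable form. The decoder deliberately fails closed on non-zero padding bits and on length encodings DER forbids, since a lenient decoder would let a certificate's keyUsage be read differently by different relying parties.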