[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Key Usage in ISO 15782

To: Stefan Santesson <stefan@xxxxxxxxxxx>, Simonetti David <simonetti_david@xxxxxxx>, Blake Greenlee <blake.greenlee@xxxxxxxxxxxxxxx>
Subject: RE: Key Usage in ISO 15782
From: "Scott, Greg" <scottg@xxxxxxxxxxxx>
Date: Thu, 13 Aug 1998 14:19:00 -0400
Cc: Hans Nilsson <hans.nilsson@xxxxxxxx>, "ietf-pkix@xxxxxxx " <ietf-pkix@xxxxxxx>, "'Cert-Talk'" <cert-talk@xxxxxxxxxxxxxxxxxx>, Blake Greenlee <blake.greenlee@xxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxx

Blake,
   
Thanks for giving us a chance to comment.  The use of these key usage bits 
keeps coming up.  What follows is how the 15782 text confuses me, and some 
suggestions what to do about it:
   
   "a)    digitalSignature: for verifying digitally signed ephemeral data
          for the purpose of entity authentication;"
   
The above would seem clearer if written:
   
   "a)    digitalSignature: for verifying a digital signature that
          authenticates an entity; "
   
To me authentication is well understood to be an immediate act.  Using an 
adjective like "ephemeral," a word most English speakers have to go to the 
dictionary for, is unnecessary.
   
   "Absent conflicting business requirements, this bit should always be set 
   for digital signature certificates."
   
I'm not sure what this is saying.  Is it recommended that this bit always 
be set in entity certificates?  Some on the lists have argued that use of 
the non-repudiation should be a conscious choice of the user, is that what 
"Absent conflicting business requirements," refers to?  How is this 
sentence related to the Valid Combinations in Table 8?  I recommend its 
deletion.
   
   "When the public key is used only to validate the authenticity and 
   integrity of signed data (exclusive of certificates and CRLs), then only 
   digitalSignature shall be set.  When the public key is used for this 
   purpose, no other key usage may be set. This is illustrated as 
   Combination 1 in Table 8."
   
The text and table 8 seem in conflict.  Table 8 tells me that to 
authenticate (combination 1) I can use the DS bit, the NR bit, or both 
bits.  The text says only the DS bit can be used.  I'd change the table to 
reflect the text.  A dot in the DS row, and a "x" in the NR row.
   
   "In financial applications, a digital signature, together with 
   appropriate business controls and agreements, may provide the service of 
   non repudiation."
   
Is this supporting some kind financial industry legacy system?  Is it 
intended for a standalone financial network?  (Don't want to be transacting 
those big bucks where just us folks can get to em.)  It just seems to me 
that if the certificate is going to be carrying the key usage bit string 
any way, they could enable the NR bit like everyone else.  
   
   When the public key supports the non-repudiation service, then the 
   nonRepudiation bit shall be set., and no others may be set.  This is 
   illustrated as Combination 2 in Table 8.  When the nonRepudiation bit is 
   set, the digitalSignature bit shall always be set.  This combination 
   provides a cryptographic separation between the function of signing data 
   and the function of signing certificates and CRLs.
   
The text and the table don't seem to agree.  The first and third sentence 
of the paragraph don't agree.  The first sentence tells me that to 
establish a NR service, use the NR bit alone, the table should have a black 
dot in the NR row, "x" in all other rows.  The table tells me that I can 
provide non-repudiation service with the DS bit, the NR bit, or both.  The 
third sentence tells me that to provide NR service, both the DS and NR bits 
need to be set, i.e. black dots in both the DS and NR rows.  

I interpret the fourth sentence as saying combination 2 exists because 
combination 6 exists.  Is this correct?

Most of what I've gotten off the lists is that DS bit is a mechanism, while 
the NR bit is a service.  This implies that the third sentence is the 
correct way to go.  However,
   
   Some communities may want to use a certificate for both signature 
   applications.  While both bits are allowed to be set, there are 
   possibilities of an attack, hence the practice of setting both bits 
   should be strongly discouraged.
   
So the first sentence of the previous paragraph is correct?  If so, it would

also follow that authentication was inherent in the non-repudiation bit.  Or

does this say some would want to use a single certificate to cover both 
Combinations 1 and 2.  Is that the meaning of the "A" in the DS and NR rows?

If you had combination 2 with both bits enabled wouldn't that serve the same

purpose?

Well as you can see I'm easily confused.  For some reason the metaphor of 
putting 10 lbs. in a 1 lb. bag keeps coming to mind.

I hope some of what I suggest helps.  I'm off on a two week vacation now,
but 
I'll be interested to see how this has played out in my absence.

R/s Greg

Prev by Date: RE: ldapv2-schema and CA Certificates
Next by Date: Re: Major comments on OCSP (and LDAP Sec
Previous by thread: Re: Key Usage in ISO 15782
Next by thread: Re: RE: Key Usage in ISO 15782
Index(es):
- Date
- Thread