[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: German Key Usage

To: Hans Nilsson <hans.nilsson@xxxxxxxx>
Subject: Re: German Key Usage
From: "Simonetti David" <simonetti_david@xxxxxxx>
Date: Fri, 14 Aug 1998 13:41:10 -0400
Cc: Stefan Santesson <stefan@xxxxxxxxxxx>, ietf-pkix@xxxxxxx, "'Cert-Talk'" <cert-talk@xxxxxxxxxxxxxxxxxx>, Blake Greenlee <blake.greenlee@xxxxxxxxxxxx>
Organization: BAH
References: <>
Sender: owner-ietf-pkix@xxxxxxx

Dear Hans,

I have inserted responses below...

Hans Nilsson wrote:
> 
> David,
> 
> Thank you for the exhaustive summary of non-repudiation key usage in
> different specifications. Here is my own translation of the relevant section
> of the German Certificate Specification version 2.0 (sorry for the
> Swenglish):
> 
> "The designation of the bit digitalSignature describes the usage
> unsufficiently. Digital Signatures are mechanisms that serve to enable
> services like authentication or ensuring an undertaking. A suitable name for
> the bit digitalSignature would be authentication, whereby the real usage
> would be described.
> 
> The usage of the two bits digitalSignature and nonRepudiation differ in such
> a way that the authentication process usually is done automatically and
> quite often, whereas digital signatures digital signatures for securing an
> undertaking are made consiously and less frequent by the certificate holder.
> 
> In the context of this profile, only combinations 2 and 7 [from ISO CD
> 15782] are relevant. The usage of the keyUsage extension is mandatory and
> shall be marked critical in all certificates. When generating user
> certificates, only the bits digitalSignature and nonRepudiation (combination
> 2) are allowed to be used. Participant (=user? /hn) certificates shall not
> be used for authentication purposes". (Then follows a few sentences saying
> that CA certificates shall use combination 7).

Thank you for providing the translation.  The differentiation between a
"user" cert and a "participant" cert confuses me.  A "user" cert
includes the digitalSignature and nonRepudiation bits, but a
"participant" (user?) certificate cannot be used for authentication.  I
don't follow.  Also, I understand that you are just translating, but it
can't be good practice to refer to a draft standard in a law (except for
maybe X.509:).

> 
> You asked: Where is the confusion? My reply is:
> 
> Looking at all these different profiles, in the future some certificates
> will have BOTH bits set, and some applications will only use them for
> non-repudiation services, whereas other applications will use them for both
> (in violation of the German law? ;-). Other certicates will ONLY have the
> non-repudiation bit set, and may then not be usable in some applications.

First let me excuse the PKIX profile from this analysis since it does
not constrain the use of the key usages (then why are we discussing this
here?  because it's an excellent forum).  Let me restate the usages as
I've attempted to achieve universal interpretation (through efforts in
each of the communities including IETF-PKIX, American Standards
Committee, and ISO Banking working group):  digitalSignature may be used
for verifying signed ephemeral data for the purpose of authentication;
nonRepudiation may be used verify a signed object supporting the
delivery of the non-repudiation service.  The use of the term
"ephemeral" for digitalSignature is very intentional; it intended, for
example, for session-oriented authentication.  In contrast,
nonRepudiation is intended to be applied, for example, for verifying a
signed electronic message.  For those who argue that this signature in
itself does not provide authentication I entirely agree (the certificate
policy should address how the private key is managed).

With the exception of the German law, each profile allows
digitalSignature to be set independently.  Except for the ISO Banking
profile, the nonRepudiation bit may be set independent of any other
bit.  The ISO Banking profile strongly recommend that if
digitalSignature is set, then nonRepudiation should also be applied. 
This was a concession I made to this profile because of the strong
security practices this community applies to its communications (so even
if a cert was used only for session-oriented authentication, the
transactions are usually recorded and stored thereby affording
non-repudiation).

> 
> How will we ever get interworking between certificates issued according to
> these different standards, if they all have different setting and
> interpretation of the nonRepudiation bit?
> 
> My conclusion is: We have two choices and should settle for one of them:
> 
> A. The ISO 15782 and German interpretation (setting both bits when
> nonRepudiation is the intended usage). But then the other specifications you
> mentioned (Pkix, MISSI, FPKI) need to be changed to reflect that also.
> 
> B. The nonRepudiation bit is interpreted as implicitly using digital
> signatures, and SHOULD NOT be combined with anything else. This means
> changes to X.509 and ISO CD 15782. If possible, we should even change the
> name of the digitalSignature bit to authentication, because this is what
> everybody now explains in their specifications.
> 
> Probably A is the easiest way to go.

Though I can make no claims about the German law, I really don't think
the profiles differ considerably.

> 
> Hans

-- 
David Simonetti, Booz·Allen & Hamilton Inc.

Follow-Ups:
- Re: German Key Usage
  - From: Andreas Berger

References:
- RE: German Key Usage
  - From: Hans Nilsson

Prev by Date: RE: German Key Usage
Next by Date: Re: German Key Usage
Previous by thread: RE: German Key Usage
Next by thread: Re: German Key Usage
Index(es):
- Date
- Thread