RE: German Key Usage
Aram Perez:

Security 101: Any key (whether symmetric or asymmetric) should
have one and only one use/purpose. Typically the uses are: 1) Key
Exchange (or key encrypting), 2) Data encryption, and 3) Signature
(or binding).

This is dogma.

Just because you can do something technically does not mean that
you should do it. There are plenty of security reasons why you
should not use one key for more than one purpose.

Reason(s) must be the basis of keyUsage, not dogma. What's the
difference between 1) and 2), above? Why should they be distinguished?

Non-repudiation is more of a "business/legal" concept than a
technical one. Asymmetric signatures can provide the property of
non-repudiation only if you are 100% assured that the signer is
the only entity that has access to the private key. I'm anxiously
waiting for the first lawsuit related to the "non-repudiation" of
a business transaction (performed with a private key stored on a
file).

I agree. That's why *nonRepudiation* keys must remain separate from
anything that might be escrowed. This is not violated if
digitalSignature keys which are not asserted to support nonRepudiation
are escrowed, for example.

Paul