[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: German Key Usage

To: "Friedrichs, Paul" <friedrip@xxxxxxxxxxxx>, "hans.nilsson@xxxxxxxx" <hans.nilsson@xxxxxxxx>, "simonetti_david@xxxxxxx" <simonetti_david@xxxxxxx>, "stefan@xxxxxxxxxxx" <stefan@xxxxxxxxxxx>, "lars.gu.johansson@xxxxxxxxx" <lars.gu.johansson@xxxxxxxxx>
Subject: Re: German Key Usage
From: "Aram Perez" <aram@xxxxxxxxx>
Date: Fri, 14 Aug 1998 10:58:39 -0700
Cc: "ietf-pkix@xxxxxxx" <ietf-pkix@xxxxxxx>, "cert-talk@xxxxxxxxxxxxxxxxxx" <cert-talk@xxxxxxxxxxxxxxxxxx>, "blake.greenlee@xxxxxxxxxxxx" <blake.greenlee@xxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxx

Paul Friedrichs wrote:
>
>     Aram Perez:
>     
>     Security 101: Any key (whether symmetric or asymmetric) should 
>     have one and only one use/purpose. Typically the uses are: 1) Key 
>     Exchange (or key encrypting), 2) Data encryption, and 3) Signature 
>     (or binding).
>     
>This is dogma. 

One's man's dogma is another man's good security practice ;-)

>     
>     Just because you can do something technically does not mean that 
>     you should do it. There are plenty of security reasons why you 
>     should not use one key for more than one purpose.
>     
>Reason(s) must be the basis of keyUsage, not dogma. What's the 
>difference between 1) and 2), above? Why should they be distinguished?

What's the difference between 1), 2) and 3) for asymmetric algorithms? In all
three cases you are encrypting something: 1) a key, 2) a data stream, and 3) a
digest.

>     
>     Non-repudiation is more of a "business/legal" concept than a 
>     technical one. Asymmetric signatures can provide the property of 
>     non-repudiation only if you are 100% assured that the signer is 
>     the only entity that has access to the private key. I'm anxiously 
>     waiting for the first lawsuit related to the "non-repudiation" of 
>     a business transaction (performed with a private key stored on a 
>     file).
>     
>I agree. That's why *nonRepudiation* keys must remain separate form 
>anything that might be escrowed. This is not violated if 
>digitalSignature keys which are not asserted to support nonRepudiation 
>are escrowed, for example.

Why would you ever escrow any signature key? I personally have never heard of
any proposal/plan/law/etc to escrow signature keys. My understanding of why the
US Government and law enforcement want key escrow is to decrypt information, not
to be able to regenerate a signature.

I will re-state: "There are plenty of security reasons why you should not use
one key for more than one purpose." (and not just dogma).

Regards,
Aram Perez
Apple Computer, Inc.

Follow-Ups:
- Re: German Key Usage
  - From: Simonetti David

Prev by Date: Re: proof-of-possession for DH keys
Next by Date: Re: German Key Usage
Previous by thread: RE: German Key Usage
Next by thread: Re: German Key Usage
Index(es):
- Date
- Thread