Re: German Key Usage

[Andreas Berger <aberger@xxxxxxxxxxxxxxxx>]

As a co-author of the specification for the certs to be used in the
German system, I would like to clear up some things. First of all,
thanks for the translation. A fully translated version will be made
available, once we have collected all comments. Translating preliminary
stages is expensive and takes a lot of time (if that is a problem -
volunteers are welcome :-).

> > "The designation of the bit digitalSignature describes the usage
> > unsufficiently. Digital Signatures are mechanisms that serve to enable
> > services like authentication or ensuring an undertaking. A suitable name for
> > the bit digitalSignature would be authentication, whereby the real usage
> > would be described.
> >
> > The usage of the two bits digitalSignature and nonRepudiation differ in such
> > a way that the authentication process usually is done automatically and
> > quite often, whereas digital signatures digital signatures for securing an
> > undertaking are made consiously and less frequent by the certificate holder.
> >
> > In the context of this profile, only combinations 2 and 7 [from ISO CD
> > 15782] are relevant. The usage of the keyUsage extension is mandatory and
> > shall be marked critical in all certificates. When generating user
> > certificates, only the bits digitalSignature and nonRepudiation (combination
> > 2) are allowed to be used. Participant (=user? /hn) certificates shall not
> > be used for authentication purposes". (Then follows a few sentences saying
> > that CA certificates shall use combination 7).
> 
> Thank you for providing the translation.  The differentiation between a
> "user" cert and a "participant" cert confuses me.  A "user" cert
> includes the digitalSignature and nonRepudiation bits, but a
> "participant" (user?) certificate cannot be used for authentication.  I
> don't follow.  Also, I understand that you are just translating, but it
> can't be good practice to refer to a draft standard in a law (except for
> maybe X.509:).
There is only one type of certificate for end users. End users are
called participants (as they are participating in the PKI) or "key
holder" (Signaturschlüsselinhaber - Germans like to build long words) as
they are a holding a key.

The problem is the fuzzy wording used in the ISO documents. We tried to
closly follow PKIX and ISO requirements to keep the whole system
compatible. Ideally, a PKIX user anywhere on the world should be able to
verify a signature made under the rules of the german signature law.

> > How will we ever get interworking between certificates issued according to
> > these different standards, if they all have different setting and
> > interpretation of the nonRepudiation bit?
> >
> > My conclusion is: We have two choices and should settle for one of them:
> >
> > A. The ISO 15782 and German interpretation (setting both bits when
> > nonRepudiation is the intended usage). But then the other specifications you
> > mentioned (Pkix, MISSI, FPKI) need to be changed to reflect that also.
> >
> > B. The nonRepudiation bit is interpreted as implicitly using digital
> > signatures, and SHOULD NOT be combined with anything else. This means
> > changes to X.509 and ISO CD 15782. If possible, we should even change the
> > name of the digitalSignature bit to authentication, because this is what
> > everybody now explains in their specifications.
> >
> > Probably A is the easiest way to go.
Basically, we could change our specification since it is in the
discussion stage. Please send your comments to: digsig@bsi.de with a
subject if: SPEC.

We would greatly appreciate input on the key bit issue.

Andreas
-- 
Fifty-three percent of Fortune 1000 executives think the
Arch Deluxe is something that helps to run a computer.
-- Jericho Communications