[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: German Key Usage

To: <stefan@xxxxxxxxxxx>, <aram@xxxxxxxxx>, <nilsson@xxxxxxxx>, <simonetti_david@xxxxxxx>, <friedrip@xxxxxxxxxxxx>, <johansson@xxxxxxxxx>
Subject: Re: RE: German Key Usage
From: "Bob Jueneman" <BJUENEMAN@xxxxxxxxxx>
Date: Mon, 17 Aug 1998 11:48:54 -0600
Cc: <greenlee@xxxxxxxxxxxx>, <ietf-pkix@xxxxxxx>, <cert-talk@xxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxx

Paul Friedrich said: 
>
>     Aram Perez:
>     
>     Security 101: Any key (whether symmetric or asymmetric) should 
>     have one and only one use/purpose. Typically the uses are: 1) Key 
>     Exchange (or key encrypting), 2) Data encryption, and 3) Signature 
>     (or binding).
>     
>This is dogma. 

But a principle that has been increasingly well established as a codification of
good security engineering practice.  Yes, it is possible to blur such distinctions, 
but the burden of proof that the system then works as intended is on the "bluree".

>     
>     Just because you can do something technically does not mean that 
>     you should do it. There are plenty of security reasons why you 
>     should not use one key for more than one purpose.
>     
>Reason(s) must be the basis of keyUsage, not dogma. What's the 
>difference between 1) and 2), above? Why should they be distinguished?

Because, for one thing, strongler cryptography is allowed under most 
import/export regimes for key encryption than for data encryption. The trick
in the application or operating system is to be able to _prove_ that keys, and only
keys, are being encrypted with a key encryption key, before such an extension 
would be allowed.,
>     
>     Non-repudiation is more of a "business/legal" concept than a 
>     technical one. Asymmetric signatures can provide the property of 
>     non-repudiation only if you are 100% assured that the signer is 
>     the only entity that has access to the private key. I'm anxiously 
>     waiting for the first lawsuit related to the "non-repudiation" of 
>     a business transaction (performed with a private key stored on a 
>     file).
>     
>I agree. That's why *nonRepudiation* keys must remain separate form 
>anything that might be escrowed. This is not violated if 
>digitalSignature keys which are not asserted to support nonRepudiation 
>are escrowed, for example.

No, this is why a key that is intended to be used only for digital signature
purposes, and cannot be used for key encryption or data encryption,
should be kept separate in its use from encryption keys.

Whether a key is used for authentication (current meaning of digital signature)
or for binding signatures (current meaning of nonrepudation) has nothing to do with
whether the keys are escrowed or not.  If a key is escrowed, it should not be 
used for _either_ purpose -- authentication or binding signature.  (Which is one reason
why the SSL protocol is such a disaster.)

Bob

Robert R. Jueneman
Security Architect
Novell, Inc.
Network Products Group
122 East 1700 South
Provo, UT 84604
801/861-7387
bjueneman@novell.com

"Architects, like prophets and saints, are 
usually years ahead of their time. For this
reason they are often difficult to live with
at home."

Prev by Date: Re: Domains of Trust for PKIX
Next by Date: Authentication vs. binding signature, and ephemeral vs.permanent key usage
Previous by thread: Re: German Key Usage
Next by thread: RE: German Key Usage
Index(es):
- Date
- Thread