Re: generation of private keys

[Juergen Walter <walter@xxxxxx>]

Hallo Peter,

comments in lines

Peter Sylvester wrote:
> 
> > It seems to me that nearly anything that goes in a CPS
> > or which a relying party would need can be summed up in
> > a boolean "CA warrants this certificate" and, if both
> > you care and the bit is zero, you either self-insure,
> > sell your risk, or run screaming from the room.  Otherwise,
> > we will die the death of a thousand nuanced extensions.
> 
> Not at all, A boolean that says "CA warrants this certificate"
> has nothing to do with that.
> 
> In the case that I describe, the certificate only indicates
> that the given entity PRETENDS to own the corresponding private
> key, and that the CA (or its RA function) knows something about
> how to get to that person or thing. No cryptographic action
> to ensure proof of presence had been performed.

[Juergen] Why not? The CRMF draft MANDATES proof of possession. Can you
point out to me what does it mean PRETEND. Everybody is able to retrieve
someone else`s public key and PRETENDS to own the corresponding private
key. I think that the strength of the mechanism is the point. But I
would not tend to map this to a certificate extension. This is a concern
of the certification policy. [Juergen]
> 
> As a consequence, an application must always do that, for
> example when signing a challenge or document, the certificat
> (or something equivalent) must be included in the signature.
>
[Juergen] As a result, the application plays the role of the trusted
third party. I think this approach is different  from that one described
in the CRMF draft.
-- 
Juergen