
Re: Certificate requests for encryption keys



Excellent question, and one we have been pondering as well,
since Novell's NICI strongly types keys and rigidly enforces the 
allowed operations.

Our working, temporary expedient, along the lines of your #1,
is to type the private key for both encryption and signature, but to 
only turn on the encryption bit in the certificate.  But that's an 
admittedly ugly hack.  Worse yet, it won't work at all with a 
DH encryption key.

The real question is what are existing CAs prepared to support
with respect to more advanced POP protocols?

Bob

Robert R. Jueneman
Security Architect
Network Security Development
Novell, Inc.
122 East 1700 South
Provo, UT 84606
bjueneman@novell.com
1-801-861-7387

>>> Ilan Shacham <ilans@arx.com> 06/08/99 10:39AM >>>
There has been much talk lately of using dual key pairs - one key pair
for encryption, and one for signing.
The following question arises - how does one create a certificate request
for an encryption key pair? After all, the certificate request is signed by
the key inside it, but the key is an encryption key, so this is illegal.

I can think of two possible solutions to this problem -
1. For the purposes of certification requests, and for this purpose only, the
encryption key could be used to sign.
2. First, a certificate is issued to the signing key, and then the signing key
is used to sign the certification request for the encoding key. (But this way
there is no Proof Of Possession of the encryption key).

It looks to me like the first option is better, but I couldn't find any
reference to this problem in the PKIX drafts/RFC's. Is there such a reference?
Are there any applications out there that confronted this problem?

Ilan

------------------------------------------------------------------------
Ilan Shacham				mailto:ilans@arx.com 
Algorithmic Research Ltd.		http://www.arx.com 
10 Nevatim St.,			phone:	972 - 3 - 9279540
Petach-Tikva, Israel			Fax:	972 - 3 - 9230864
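
An added worked example, not part of this thread and not code from Novell or
Algorithmic Research: Ilan's solution 1 with Bob's refinement, using only Go's
standard library. An RSA encryption key self-signs a PKCS#10 request (the
proof of possession PKCS#10 gives you) whose extensionRequest attribute
carries a KeyUsage asking for keyEncipherment only; the CA side verifies the
self-signature, then decodes the requested bits so it can issue without the
digitalSignature bit. The last step uses an elliptic-curve key-agreement key
from crypto/ecdh as a stand-in for the finite-field DH key Bob mentions, since
it likewise has no signature operation. The 2048-bit key size is an
assumption, and the request carries no subject name.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// id-ce-keyUsage (2.5.29.15), carried in the PKCS#10 extensionRequest attribute.
var oidKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 15}

// keyUsageExtension DER-encodes usage bits 0..7. KeyUsage is a BIT STRING in
// which bit 0 (digitalSignature) is the most significant bit of the first byte.
func keyUsageExtension(ku x509.KeyUsage) (pkix.Extension, error) {
	b, bitLen := byte(0), 0 // bitLen: index of the last set bit plus one
	for i := 0; i < 8; i++ {
		if ku&(1<<i) != 0 {
			b |= 0x80 >> i
			bitLen = i + 1
		}
	}
	der, err := asn1.Marshal(asn1.BitString{Bytes: []byte{b}, BitLength: bitLen})
	if err != nil {
		return pkix.Extension{}, err
	}
	return pkix.Extension{Id: oidKeyUsage, Critical: true, Value: der}, nil
}

// encryptionKeyRequest is the thread's solution 1: the RSA key signs its own
// request (the PKCS#10 proof of possession) but asks for keyEncipherment only.
func encryptionKeyRequest(priv *rsa.PrivateKey) ([]byte, error) {
	ku, err := keyUsageExtension(x509.KeyUsageKeyEncipherment)
	if err != nil {
		return nil, err
	}
	tmpl := x509.CertificateRequest{ExtraExtensions: []pkix.Extension{ku}}
	return x509.CreateCertificateRequest(rand.Reader, &tmpl, priv)
}

// checkRequest is the CA side: verify the self-signature, then decode the
// requested usages so the CA can issue without the digitalSignature bit.
func checkRequest(der []byte) (x509.KeyUsage, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return 0, err
	}
	if err := csr.CheckSignature(); err != nil {
		return 0, fmt.Errorf("proof of possession failed: %w", err)
	}
	var ku x509.KeyUsage
	for _, ext := range csr.Extensions {
		if ext.Id.Equal(oidKeyUsage) {
			var bs asn1.BitString
			if _, err := asn1.Unmarshal(ext.Value, &bs); err != nil {
				return 0, err
			}
			for i := 0; i < bs.BitLength && i < 9; i++ {
				ku |= x509.KeyUsage(bs.At(i)) << i
			}
		}
	}
	return ku, nil
}

// demoResult: POP verified; keyEncipherment was the only requested usage; a
// corrupted signature was rejected; a key-agreement key could self-sign.
type demoResult struct{ POPVerified, EncipherOnly, TamperedRejected, DHSelfSigns bool }

func demo() (demoResult, error) {
	var r demoResult
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048) // assumed key size
	if err != nil {
		return r, err
	}
	der, err := encryptionKeyRequest(rsaKey)
	if err != nil {
		return r, err
	}
	ku, err := checkRequest(der)
	if err != nil {
		return r, err
	}
	r.POPVerified, r.EncipherOnly = true, ku == x509.KeyUsageKeyEncipherment
	der[len(der)-1] ^= 0x01 // flip a signature bit: possession is no longer proven
	_, err = checkRequest(der)
	r.TamperedRejected = err != nil
	// A key-agreement key has no signature operation, so the self-signed request
	// of solution 1 cannot be built for it; crypto/ecdh stands in for Bob's DH key.
	dhKey, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	_, err = x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, dhKey)
	r.DHSelfSigns = err == nil
	return r, nil
}
```

demo() is the entry point to call from a main or a test. On a run the RSA
request verifies and asks for keyEncipherment only, the copy with a flipped
signature bit is rejected, and CreateCertificateRequest refuses the
key-agreement key outright, which is exactly why Bob's hack stops working for
DH: there is no signature to put on the request at all.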