Re: Real-world issues, Re: Deprecate the NR bit?
Bob Jueneman wrote:
> Ed, I agree with much of what you said, but there is an important case
> which you left out, and that is where I as the signer do not trust
> certain applications, operating systems, etc., etc., to make use of my
> "death warrant" certificate keys, and in particular don't want to ever
> have such keys generated or stored in software, as opposed to a
> (more) secure smart card.
>
Bob:
Agreed. However, this still does not apply to that case which Steve
mentioned and on which I was commenting, namely as he said that "Not
all applications may be trusted to properly assert invocation of
NR services". Because who invokes NR services is the relying-party,
that needs to prevent the denial of a previous act by the signer. In
other words, in *all* cases, the signer is in a better position if NR
does NOT work ;-) since, if a belated need arrives, the signer can
then choose to repudiate using his "death warrant" key, but the
signer can likewise choose not to repudiate as well.
I stay then with what I commented, that both the cert issuer and the
cert subject (i.e., the signer) will be *relieved* of any "NR services"
in case the "NR services" fail due to reasons not attributable to them
-- which means that it is irrelevant to either of them whether the
relying-party fails or does not fail to use an application that can "be trusted
to properly assert invocation of NR services".
> So it is not only the relying party who may be concerned with such a
> bit, but the signer as well.
>
Yes, but in different roles. The signer must be concerned that his "death
warrant" certificate key is correctly used in order to assert the NR bit in a
signature (including the application he uses for this). OTOH, the
relying-party must be concerned that his system (including the
application he uses) will correctly prevent the denial of previous
signatures that had the NR bit set -- irrespective of who signed it,
could have been your secretary using your "death warrant" key when
you went elk hurting, sorry, hunting ;-)
In other words, in regard to the NR bit, the signer is concerned about
authentication (as always) while the relying-party is concerned about
non-repudiation (as specifically).
> Unless the CA is acting as either a notary or an insurance company, I
> see only a very limited role for them in this discussion, however.
>
Yes, as I commented elsewhere, the non-repudiation mode of certification
is essentially verifier-centric -- not CA-centric. This is perhaps what causes
so much confusion, since everyone is used to thinking more often in terms of
a CA-centric certification. Here, it is necessary to "shift gears" ;-)
Cheers,
Ed Gerck