[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deprecate the NR bit?

To: kent@xxxxxxxxxxx@ara.missi.ncsc.mil, BJUENEMAN@xxxxxxxxxx@ara.missi.ncsc.mil
Subject: Re: Deprecate the NR bit?
From: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>
Date: Fri, 3 Sep 1999 10:17:56 -0400 (EDT)
Cc: ietf-pkix@xxxxxxx
Reply-to: "David P. Kemp" <dpkemp@xxxxxxxxxxxxxx>

> From: "Bob Jueneman" <BJUENEMAN@novell.com>
> 
> Although I strongly agree with the concept of requiring either the presence or 
> the absence of the NR bit with respect to certain applications, at this point 
the 
> meaning, and hence the value of the bit has been so degraded that personally,
> I despair of ever getting the horses back into the barn.


I hope that we all agree that as a general principle, applications
do not require the absence of any particular key usage bit:

 * Applications that do encryption require that the key
   transport/agreement bits be set, and ignore the signature and cert
   signing bits.

 * Applications that verify cert paths require that the
   cert/CRL signing bits be set, and ignore the signature and
   encryption bits.

 * Applications that support "non-repudiation" (however that is eventually
   defined) require that the NR bit be set and ignore the rest.
   
A community expresses its intent to prohibit the use of a particular
keypair for a particular combination of purposes by writing a
certificate profile that prohibits the corresponding bits from being
set simultaneously by a CA, and by requiring conformance to the
community certificate profile as a condition of extending trust to
that CA.

If, by some stretch of the imagination, the entire Internet Community
reached agreement that certain other key usages are incompatible with
"supporting non-repudiation", then that consensus could be elevated to
the PKIX CA conformance profile.  But even if such an agreement were
reached, there is no need for certain applications to require the
absence of the NR bit -- PKIX-conforming applications would simply
require the *presence* of the key usage bit appropriate to the operation
being performed, while PKIX-conforming CAs would not issue certain
combinations of key usage bits.

Note: I agree with the current text of RFC 2459 Section 4.2.1.3:
"This profile does not restrict the combinations of bits that may
be set in an instantiation of the keyUsage extension."

Follow-Ups:
- NR bit absence, was Re: Deprecate the NR bit?
  - From: Ed Gerck

Prev by Date: RE: SCVP-01
Next by Date: RE: End-Entity Certificate Policies
Previous by thread: Re: Deprecate the NR bit?
Next by thread: NR bit absence, was Re: Deprecate the NR bit?
Index(es):
- Date
- Thread