
Re: non-repudiation, was Re: proposed key usage text
> Date: Thu, 18 Nov 1999 12:02:54 -0800
> From: Ed Gerck <egerck@nma.com>
> 
> Stefan Santesson wrote:
> 
> > How can you say that the X.509 definition is wrong???
> 
> Because it is redundant (the same as authentication as I commented)
> and thus superfluous.

Some people believe that there is a difference between "provable
data origin authentication with integrity" and "entity authentication",
and that nonRepudiation as used in X.509 is an appropriate name for the
former.

Applications may require the keyEncipherment bit to be set before using
a key for key encipherment.  Applications may require the
nonRepudiation bit to be set before signing a chunk of non-ephemeral
data.  In neither case is it relevant how or why the keyUsage bit got
set in the first place, or what X.509 label is attached to the bit; the
end result is that given a cert, an app will perform some operations
with the key and will not perform others.  That is a concrete,
understandable definition of behavior.

Some people believe it's also a useful definition.
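The behavior the message describes, as an added example that is not part of the thread: an application decodes the keyUsage extension value (a DER BIT STRING, bit positions as assigned in RFC 5280) and simply refuses operations whose bit is not set, without caring why the bit was set. The function and variable names and the two sample extension values are constructed for illustration.

```python
# Added example: gate operations on X.509 keyUsage bits exactly as the
# message describes. Named bits in RFC 5280 order (bit 0 = MSB of the
# first content octet of the BIT STRING).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)


def decode_key_usage(der: bytes) -> frozenset:
    """Parse a DER-encoded KeyUsage BIT STRING into the set of bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length >= 0x80 or len(der) != 2 + length:  # short-form length only
        raise ValueError("bad or unsupported length")
    unused = der[2]  # number of unused trailing bits in the last octet
    if unused > 7:
        raise ValueError("unused-bits octet out of range")
    body = der[3:]
    total_bits = len(body) * 8 - unused if body else 0
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        if i >= total_bits:  # bits beyond the encoded length are absent
            break
        octet, shift = divmod(i, 8)
        if body[octet] & (0x80 >> shift):
            names.add(name)
    return frozenset(names)


def may_sign_non_ephemeral(key_usage: frozenset) -> bool:
    """Only sign long-lived data when the nonRepudiation bit is set."""
    return "nonRepudiation" in key_usage


def may_key_encipher(key_usage: frozenset) -> bool:
    """Only wrap keys when the keyEncipherment bit is set."""
    return "keyEncipherment" in key_usage


# Constructed sample extension values (hypothetical, not from a real cert).
TLS_SERVER_KU = bytes.fromhex("030205A0")  # digitalSignature + keyEncipherment
SIGNING_KU = bytes.fromhex("030206C0")     # digitalSignature + nonRepudiation

if __name__ == "__main__":
    for label, der in (("tls-server", TLS_SERVER_KU), ("signing", SIGNING_KU)):
        ku = decode_key_usage(der)
        print(label, sorted(ku), "sign:", may_sign_non_ephemeral(ku),
              "key-wrap:", may_key_encipher(ku))
```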