[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proposed key usaged text -- the final round

Subject: Re: proposed key usaged text -- the final round
From: Ed Gerck <egerck@xxxxxxx>
Date: Thu, 25 Nov 1999 10:01:02 -0800
Cc: Russ Housley <housley@xxxxxxxxxx>, ietf-pkix@xxxxxxx, wpolk@xxxxxxxx
References: <> <>

Denis Pinkas wrote:

> I am not going to die with the proposed text :-) ...

But, perhaps we could all live with it ;-) and move on ....

> However, there are two sentences that are rather obscure or
> not helpul and I would like to take advantage of some earlier
> E-mail exchanges to canibalize these exchanges in order to
> improve the text. The two last sentences of the section
> explaining the NR bit could be deleted without loosing
> much:
>
>   [The nonRepudiation bit is asserted when the subject
>   public key is used to verify digital signatures used to
>   provide a non-repudiation  service].  This service protects
>   against the certificate subject falsely denying signing the
>   data, excluding certificate or CRL signing. In the case of
>    later conflict, a reliable third party may determine the
>    authenticity of the signed data.

I disagree -- the first sentence explains what the NR bit is used
for (to verify digital signatures) in a specific context ( to provide
a non-repudiation service), in contrast to explaining what the service
is and why it would be useful to use it (protects against the
certificate subejct falsely denying signing).

If you believe that it could be deleted without loosing much, and
in fact something *is* lost, then it is IMO better to keep it and be clear
in a subject which has been unclear for far too long.  I would rather we
would not need to beat this horse dead an umpth-time.

> I propose to keep the first sentence unchanged and have the following
> global replacement for the three sentences:
>
> " The nonRepudiation bit is asserted when the subject public key is
> used to verify digital signatures used to provide a non-repudiation
> service. When present, the nonRepudiation bit indicates that the
> private key corresponding to the subject public key present in that
> certificate may be used to indicate the user's conscious and willing
> intent to endorse what is being signed."

I disagree -- is there anything more "rather obscure or not helpul"
than "the user's conscious and willing intent"?  So, the change IMO
is in contradiction with the purpose. Further, "to endorse" may have
different legal meanings in different jurisdictions ("endorsement
sans recourse" in the UK is one of the few that does not have legal
consequences, but it needs to have the "sans recourse" appended
to it and it is not valid in civil law regimes where almost anything that
you do flows back to the original agent -- you).

Finally, I would lint anything that predicates measuring, assessing,
controlling or even estimating "the user's conscious and willing
intent" in PKIX because if there is anything that no law, policy or
dictatorship has ever managed to do is to control people's "conscious
and willing intent" -- so, this is a slippery slope which was already
debated, spotted and marked as leading nowhere in an Internet
protocol; and debating this on and on and on and on will not change
it or make it valid by repetition.

Gosh, if we can't even say *who* the sender is, *what* path did that
message take, *if* the full communication of the sender with all its follow
up certified partial messages arrived or if there was a partial or total denial
en route which was blocked by an attacker, then how can we say what
that unknown person in an unknown place with an unknown communication
*intented* to say???

> I would also propose to add a note that explains the case of a
> certificate having both the DS and the NR bits set and to place this
> addition at the end of the whole section 4.2.1.3:
>
> " Note: A certificate with the nonRepudiation bit set should only be
> used when it is possible to get full confidence of the environments
> where the private key will be used. If a certificate has both the
> digitalSignature and the nonRepudiation bit set, the entity owning
> the private key should have full confidence of all the various
> environments and applications where the private key will being used.
> For the cases where that condidence cannot be obtained, two
> different certificates, one with one public public key and the
> digitalSignature bit set and another one with a different public key
> and the nonRepudiation bit set, should be used."

I do not want to sound in opposition to your entire email, but I also
disagree. This is an "explanation mode" definition which is repetitive
("possible to get full confidence of the environments where the private
key will be used" and "should have full confidence of all the various
environments and applications where the private key will being used");
predicates an impossible condition (full confidence) in an overbroad
context (all  the various environments where the private key will be
used); indeterminate ("For the cases where that condidence cannot
be obtained"); ineffective ("two different certificates ..."); and
contradictory (why would two wrong certificates make a right one?)

Cheers,

Ed Gerck

References:
- proposed key usaged text -- the final round
  - From: Russ Housley
- Re: proposed key usaged text -- the final round
  - From: Denis Pinkas

Prev by Date: RE: Question:Authority Information Access
Next by Date: Re: proposed key usaged text -- the final round
Previous by thread: Re: proposed key usaged text -- the final round
Next by thread: Re: proposed key usaged text -- the final round
Index(es):
- Date
- Thread