[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: proposed key usaged text -- the final round

To: "Linn, John" <jlinn@xxxxxxxxxxxxxxx>, "'Russ Housley'" <housley@xxxxxxxxxx>, ietf-pkix@xxxxxxx
Subject: RE: proposed key usaged text -- the final round
From: Tim Polk <wpolk@xxxxxxxx>
Date: Tue, 30 Nov 1999 09:36:33 -0500
In-reply-to: <>

John,

Is see the confusion. The answer is (b), the nonRepudiation bit is irrelevant when validating the signature on a certificate or certifcate status information (e.g., CRL or OCSP message).

Perhaps it would be clearer to simply say:

This service protects against the certificate subject falsely denying signing the data.

and add the following sentences to the next paragraph:

The values of the digitalSignature and nonRepudiation bits are not considered when validating the signature on certificates or certificate status information. (See keyCertSign and cRLSigning, below, for values that are considered when validating such signatures.)

Would this clear things up?

>
>Editorially, under the paragraphs for keyAgreement and keyEncipherment,
>"shall asserted" -> "shall be asserted".
>

Gee, my quality control must be slipping! Thanks for catching this one.

Thanks,

Tim Polk

At 04:49 PM 11/29/1999 -0500, Linn, John wrote:
>The content looks good. I've just one question and one editorial point. In
>the sentence re the NR bit, "This service protects against the certificate
>subject falsely denying signing the data, excluding certificate or CRL
>signing", I'm not sure how to interpret the scope and intent of the
>"excluding" clause. If a CA certificate has NR set, is the intent to say:
>(a) that the certified CA is free to deny issuance of any certificate or CRL
>it signs, (b) to state that the value of the NR bit is definitionally
>irrelevant to the repudiability of issued certificates or CRLs as the scope
>of the NR service is confined to usage on data other than certificates and
>CRLs, or (c) to state that the question of semantics (if any) of NR for
>certificate and CRL issuance is undefined in this specification, potentially
>to be considered in policy documents? I'll assume not (a), but it might be
>useful to clarify towards (b) or (c).
>
>Editorially, under the paragraphs for keyAgreement and keyEncipherment,
>"shall asserted" -> "shall be asserted".
>
>--jl
>
>

References:
- RE: proposed key usaged text -- the final round
  - From: Linn, John

Prev by Date: Re: dnQualifier topic - not solved yet.
Next by Date: RE: proposed key usaged text -- the final round
Previous by thread: RE: proposed key usaged text -- the final round
Next by thread: RE: proposed key usaged text -- the final round
Index(es):
- Date
- Thread