Re: proposed key usaged text -- the final round

[Tim Polk <wpolk@xxxxxxxx>]

Russ & Paul,

I agree, the security considerations section is the right place to address this.  Do you have a problem with the paragraph if it goes there?

Thanks,

Tim

At 11:56 AM 12/01/1999 -0800, Paul Hoffman / IMC wrote:
>At 12:48 PM 12/1/99 -0500, Russ Housley wrote:
>>>>
> >Denis Pinkas proposed the following:
> >
> >    The protection afforded private keys is a critical factor in main-
> >    taining security.  On a small scale, failure of users to protect
> >    their private keys will permit an attacker to masquerade as them, or
> >    decrypt their personal information. [stuff about CA keys deleted]
> >
> >Tim Polk countered with the following:
> >
> >       A CA may include the key usage extension and assert the 
> >nonRepudiation bit
> >       when issuing a certificate.  This implies that a reliable third 
> >party will
> >       be able to determine the authenticity of signed data in the event of 
> >a dispute.
> >       If the certificate subject uses the private key in an insecure 
> >environment,
> >       it may be difficult to detect or prevent key compromise.  This could 
> >prevent a
> >       reliable third party from determining the authenticity of signed 
> >data.  A CA
> >       should consider the environment of the private key before asserting the
> >       nonRepudiation bit.
> >
> >I have a problem with either paragraph being added to this 
> >section.  Consequences of detected and undetected compromise belong in the 
> >Security Considerations section, not here.
> >
> >Russ
<<<<

>>
>I agree fully with Russ. There are dozens of places in this document where 
>we could also talk about the problem of the signing party's key being 
>compromised, and this one isn't all that important relative to the others.
>
>--Paul Hoffman, Director
>--Internet Mail Consortium
>
>