back to nothing, was Re: proposed key usage text -- the final round
Denis Pinkas wrote:
> I would like first to summarize where we are. Keeping the first
> sentence unchanged and adding the text you proposed to solve both my
> issue and John Linn's issue, we come to the following normative text:
>
> The nonRepudiation bit is asserted when the subject public key is
> used to verify digital signatures used to provide a non-repudiation
> service. The values of the digitalSignature and nonRepudiation bits
> are not considered when validating the signature on certificates or
> certificate status information (see keyCertSign and cRLSigning,
> below, for values that are considered when validating such
> signatures.)
Should I understand this suggestion as a substitution for the first
sentence or for the entire paragraph? Either way, the suggestion
seems to cut the part where the *meaning* of the NR bit is
given. The original text was:
    The nonRepudiation bit is asserted when the subject public key is
    used to verify digital signatures used to provide a non-repudiation
    service. This service protects against the certificate subject
    falsely denying signing the data, excluding certificate or CRL
    signing. In the case of later conflict, a reliable third party may
    determine the authenticity of the signed data.
So, I fail to see how the suggested text is better. In fact, I think it
turns back the clock some six months and we are again back
to nothing.
If you want to deprecate the NR bit, please say so.
> Thereafter I agree that warnings should be moved in the security
> consideration section. So the only remaining point should be to
> agree on that text. Your proposal was missing the case of the two
> bits set. Here is a new attempt:
>
> "A CA may include the key usage extension and assert the
> nonRepudiation bit when issuing a certificate. When such a
> certificate is delivered, it implies that the owner of the
> corresponding private key should be warned that, in the event of a
> dispute, he may be held responsible for the data signed with this
> key.
"The owner of the private key should be warned" -- we are again back
some six months ago. Non-repudiation cannot be imposed,
it has to be voluntary. Why should the CA tell me that I may be
held responsible when the CA themselves says that they are never
responsible, provide no warranty, no assurances, yada yada?
> If a certificate has both the digitalSignature and the
> nonRepudiation bit set, the owner of the private key should make
> sure that all the environments and applications where the
> corresponding private key is being used do not allow a misuse of
> that private key.
"All the environments and the applications" -- can we be more less
assuming? If even the CA refuses to accept responsibility for their
environment, I presume that the above text is fictional to the extreme
and unfair. Besides, it is outdated by six months.
Again, the lack of a real-world model is apparent in the previous
work and percolates here.
> If that confidence can only be obtained in some
> environments, two different certificates, one with one public
> key and the digitalSignature bit set and another one with a
> different public key and the nonRepudiation bit set, should be used,
> so that the private key corresponding to the certificate with the
> nonRepudiation bit set is only used in secure environments."
Denis:
I see that we are back to nothing if we follow your suggestions.
Again, if you want to deprecate the NR bit, please say so. This is
what the market, if not this list, will do if your suggestion is accepted
*over all the discussions here*. Those issues that you want to
"introduce" now at the final round were already discussed and
rejected. Why discuss them to death over and over and over?
Cheers,
Ed Gerck
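
An added example, not part of either message in this thread: a Python sketch of the bit-selection rule in the quoted normative text, where a verifier consults keyCertSign or cRLSign for certificate and CRL signatures and never digitalSignature or nonRepudiation. Bit names and positions follow the KeyUsage definition in RFC 5280 (which spells the CRL bit cRLSign); the function names, the purpose labels, the treatment of an absent extension as unrestricted, and the sample encodings are assumptions constructed for illustration.

```python
# Added illustration; bit order follows the KeyUsage BIT STRING in RFC 5280.
KEY_USAGE_BITS = ("digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly")

# Bit consulted for each kind of signed object (purpose labels are hypothetical).
REQUIRED_BIT = {
    "certificate": "keyCertSign",                 # not digitalSignature / nonRepudiation
    "crl": "cRLSign",                             # not digitalSignature / nonRepudiation
    "non_repudiation_service": "nonRepudiation",
    "other_signature": "digitalSignature",
}

def parse_key_usage(der: bytes) -> frozenset:
    """Decode a short-form DER BIT STRING (KeyUsage value) into bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bit count")
    names = set()
    for i in range(len(body) * 8 - unused):
        if body[i // 8] & (0x80 >> (i % 8)):      # bit 0 is the most significant bit
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("bit %d is not defined for KeyUsage" % i)
            names.add(KEY_USAGE_BITS[i])
    return frozenset(names)

def signature_permitted(key_usage, signed_object: str) -> bool:
    """key_usage is None when the certificate carries no keyUsage extension."""
    if key_usage is None:
        return True                               # assumption: absent means unrestricted
    return REQUIRED_BIT[signed_object] in key_usage

def shares_key_for_both_services(key_usage) -> bool:
    """True for the 'two bits set' case the proposed warning text addresses."""
    return key_usage is not None and {"digitalSignature", "nonRepudiation"} <= key_usage

if __name__ == "__main__":
    # Constructed sample encodings, not taken from any real certificate.
    samples = {"end entity": "030206c0", "CA": "03020106"}
    for label, hexval in samples.items():
        ku = parse_key_usage(bytes.fromhex(hexval))
        print(label, sorted(ku),
              {p: signature_permitted(ku, p) for p in REQUIRED_BIT},
              "shared key:", shares_key_for_both_services(ku))
```

The check for both bits set only flags certificates that fall under the proposed two-certificate advice; it does not decide whether a signature counts as non-repudiable, which is the point in dispute above.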