[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Consensus Text for key usage?

To: "Aram Perez" <aram@xxxxxxxxx>
Subject: Re: Consensus Text for key usage?
From: Russ Housley <housley@xxxxxxxxxx>
Date: Wed, 08 Dec 1999 10:54:34 -0500
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>

At 02:26 PM 12/7/99 -0800, Aram Perez wrote:

>     This profile does not restrict the combinations of bits that may be
>     set in an instantiation of the keyUsage extension.  However,
>     valid combinations of bits are specified for particular algorithms
>     in section 7.3.

Like I mentioned in a private exchange, I would add something to the effect
of "Although there are no key restrictions, implementers should be aware
that certain combinations do not make sense (i.e. keyAgreement for RSA keys,
keyExchange for ECC keys) and some combinations may 'be insecure' (or
'lessen the security')."

The sections that discuss each algorithm could state which bits may or may not be set for that algorithm. In my view, algorithm specific information should not be included in the discussion of this extension.

Russ

References:
- Re: Consensus Text for key usage?
  - From: Aram Perez

Prev by Date: RE: No, was Re: QC biometrics needs re-engineering NOW!
Next by Date: Re: certificate which has both AIA and CRL DPs
Previous by thread: Re: Consensus Text for key usage?
Next by thread: Re: Consensus Text for key usage?
Index(es):
- Date
- Thread