Re: Key Usage Clarification in PKIX part 1
Trevor Freeman <trevorf@microsoft.com> Thu, 10 April 1997 16:07 UTC
Message-ID: <926A199ED879D0119E2500805F509ADE1286EA@WSH-01-MSG>
From: Trevor Freeman <trevorf@microsoft.com>
To: "Pkix List (E-mail)" <ietf-pkix@tandem.com>
Subject: Re: Key Usage Clarification in PKIX part 1
Date: Thu, 10 Apr 1997 09:10:15 -0700

Tom, I hear what you are saying, and technically it looks a grey area as you are using a signing operation as part of the transformation.

My concern is more a legal concern. In Europe, there are a number of active discussions going on about how law enforcement officers can gain warranted access to the user's key material. Like it or not, this is likely to end in some sort of legislation as we do not have a constitution protecting us. I am well aware of the problems and arguments in this area, and am far from advocating the position. However, in discussions, a difference is drawn between signing and encrypting certs since the purest view of signed things is that they remain in clear text. Law enforcement types are not interested in signing key material.

In the case in point, this mechanism may not be acceptable under this type of legislation as the RSA or D-H key pair used for the actual key exchange is dynamically generated and is therefore not accessible. The solution to the problem would seem yet another key usage definition which would specifically allow or not a signing key to participate in encryption key material transformation, which PKIX needs to define and the TLS code needs to check.

If signing certs are going to be used for this purpose, this concern needs to be addressed in the TLS documents or there are going to be problems outside the US.

Dr Trevor Freeman
Senior Consultant
Microsoft Consulting Services
Microsoft Ltd ECU
Tel: UK(+44) 1734 270 412