Re: Key Usage Clarification in PKIX part 1

[Trevor Freeman <trevorf@microsoft.com>]

Tom,

I here what you are saying, and technically it looks a grey area as you
are using a signing operation as part of the transformation. 

My concern is more a legal concern. 

In Europe, there are a number of active discussions going on about how
law enforcement officers can gain warranted access to the users key
material. Like it or not, this is likely to end in some sort of
legislation as we do not have a constitution protecting us. I am well
aware of the problems and arguments in this area, and am far from
advocating the position. However in discussions, a difference is drawn
between signing and encrypting certs since the purest view of signed
things is that they remain in clear text. Law enforcement types are not
interested in signing key material. In the case in point, this mechanism
may not be acceptable under this type of legislation as the RSA or D-H
key pair used for the actual key exchange is dynamically generated and
is therefore not accessible.

The solution to the problem would seem yet another key usage definition
which would specifically allow or not a signing key to participate in
encryption key material transformation which PKIX needs to define and
the TLS code need to check. 

If signing certs are going to be used for this purpose this concern
needs to be addressed in the TLS documents or there is going to be
problems outside the US.

Dr Trevor Freeman
Senior Consultant
Microsoft Consulting Services
Microsoft Ltd ECU
> Tel: UK(+44) 1734 270 412 
>