Re: Extended Key Usage Extension
Tim Dierks <timd@consensus.com> Fri, 11 April 1997 00:54 UTC
Received: by suntan.tandem.com (8.6.12/suntan5.970212) for ietf-pkix-relay id RAA02762; Thu, 10 Apr 1997 17:54:46 -0700
Received: from proxy3.ba.best.com by suntan.tandem.com (8.6.12/suntan5.970212) for <ietf-pkix@tandem.com> id RAA02758; Thu, 10 Apr 1997 17:54:45 -0700
Received: from [199.81.221.188] (ietfguest88.fedex.net [199.81.221.188]) by proxy3.ba.best.com (8.8.5/8.8.3) with ESMTP id RAA16213; Thu, 10 Apr 1997 17:50:12 -0700 (PDT)
Message-Id: <v03020703af71e603dd3c@[199.81.221.188]>
In-Reply-To: <3.0.32.19970410115024.0073b384@pop.a001.sprintmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 09 Apr 1997 19:51:26 -0500
To: Warwick Ford <wford@verisign.com>
From: Tim Dierks <timd@consensus.com>
Subject: Re: Extended Key Usage Extension
Cc: ietf-pkix@tandem.com
At 11:50 AM -0700 4/10/97, Warwick Ford wrote: >id-kp-serverAuth OBJECT IDENTIFIER ::= {id-kp 1} >-- TLS Web server authentication >-- Key usage bits that may be consistent: keyEncipherment or keyAgreement >id-kp-clientAuth OBJECT IDENTIFIER ::= {id-kp 2} >-- TLS Web client authentication >-- Key usage bits that may be consistent: digitalSignature Warwick, thank you for this proposal. First, the minor note: id-kp-serverAuth is also consistent with digitalSignature, for modes in which the server signs an ephemeral RSA or Diffie-Hellman key. Also, it is my contention that it would be a good idea to provide values for no-serverAuth and no-clientAuth as well. This is an issue that arises because implementors need to interoperate with non-PKIX usage spaces and/or would like flexibility in certificate use. Specifically, let's say I am a TLS web client vendor. For interoperability reasons and backwards compatibility, I would like to allow servers to use X.509v1 certs and/or non-PKIX compliant X.509v3 certs. Since I cannot deny access because id-kp-serverAuth isn't there, I can't keep PKIX compatible clients (who I suggest should have no-serverAuth OIDs) from masquerading as SSL servers. You could battle this by marking the extension critical, but this would lead to an undesirable lack of flexibility: when we introduce secure telephony, one wouldn't be able to use a TLS client certificate for secure telephony because it presumably wouldn't have an id-kp-watsonComeHereINeedYou OID (which hadn't been invented when the cert was signed), even though the policy and distinguished name of the certificate might allow it. On the other hand, I suppose that it would be bad to have to list all the various things a certificate can't do, as well: id-kp-serverAuth, id-kp-breakTheLaw, id-kp-enableDoomsdayDevice, etc. - Tim Tim Dierks - timd@consensus.com - www.consensus.com Software Haruspex - Consensus Development Developer of SSL Plus: SSL 3.0 Integration Suite
- Re: Extended Key Usage Extension Warwick Ford
- Re: Extended Key Usage Extension Housley, Russ
- Re: Extended Key Usage Extension Tim Dierks
- Extended Key Usage Extension Warwick Ford
- Re: Extended Key Usage Extension mmyers