From: Ken G. <kgu...@te...> - 2004-06-10 05:33:22
|
At the risk fo sounding stupid, could someone please enlighten me=20 regarding correct usage of dig sig bit? I note the initial CA=20 gengerated by ca.sh, has CRL and Key sign bits set, but omits dig sig=20 bit. The bit is set however on default (fixed) root and subca's.=20 Per RFC3280: "The digitalSignature bit is asserted when the subject public key is=20 used with a digital signature mechanism to support security services=20 other than certificate signing (bit 5), or CRL signing (bit 6). Digital=20 signature mechanisms are often used for entity authentication and data=20 origin authentication with integrity." TIA- --=20 Best regards, Ken Gunderson GPG Key-- 9F5179FD "Freedom begins between the ears." -- Edward Abbey |