[Gnupg-pkcs11-users] PKAUTH
Brought to you by:
alonbl
From: Zeljko V. <zv...@gl...> - 2006-10-21 05:50:27
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 To Bob: You have missed that in X.509 it's not really clear what is supposed to be "authentication". If you read the X.509v3 profile in RFC2459, under 4.2.1.3 "keyUsage", you'll find the following: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } keyEncipherment certificate may be used as an authentication certificate (RFC says "The keyEncipherment bit is asserted when the subject public key is used for key transport. For example, when an RSA key is to be used for key management, then this bit shall asserted.") On the other hand, digitalSignature certificate works as well, but (depending on the policy of the issuer/applicable laws/etc.) the user might not want to use that certificate (e.g. in Croatia, if a certificate has nonRepudiation asserted, it is supposed to be used for equivalent of hand-written signature). Bottom line: authentication _is_ plain signature. Deciding whether certificate may be used for authentication is a tricky business. What's worse, most of the users don't understand the underlying issues (which are a complex mix of laws, CA's policies, technical crypto stuff and personal "threat model"). If we let the users make a choice, they are most certainly going to make a wrong one. I personally cannot think of a reasonable algorithm that decides whether a certificate is eligible for authentication or not. Best regards, Zeljko. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFOa6vFtofFpCIfhMRAwFkAJ4zCsD3QYNyz91vm/4rcKrEZbjA9QCePLhy u4S1x+OTy7mtg/58Nc0Aqas= =yCzN -----END PGP SIGNATURE----- |