[Gnupg-pkcs11-users] PKAUTH

[Zeljko V. <zv...@gl...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


To Bob: You have missed that in X.509 it's not really clear what is supposed
to be "authentication". If you read the X.509v3 profile in RFC2459, under
4.2.1.3 "keyUsage", you'll find the following:

     KeyUsage ::= BIT STRING {
           digitalSignature        (0),
           nonRepudiation          (1),
           keyEncipherment         (2),
           dataEncipherment        (3),
           keyAgreement            (4),
           keyCertSign             (5),
           cRLSign                 (6),
           encipherOnly            (7),
           decipherOnly            (8) }

keyEncipherment certificate may be used as an authentication certificate (RFC
says "The keyEncipherment bit is asserted when the subject public key is used
for key transport.  For example, when an RSA key is to be used for key
management, then this bit shall asserted.")

On the other hand, digitalSignature certificate works as well, but (depending
on the policy of the issuer/applicable laws/etc.) the user might not want to
use that certificate (e.g. in Croatia, if a certificate has nonRepudiation
asserted, it is supposed to be used for equivalent of hand-written signature).

Bottom line: authentication _is_ plain signature. Deciding whether certificate
may be used for authentication is a tricky business. What's worse, most of the
users don't understand the underlying issues (which are a complex mix of laws,
CA's policies, technical crypto stuff and personal "threat model"). If we let
the users make a choice, they are most certainly going to make a wrong one.

I personally cannot think of a reasonable algorithm that decides whether a
certificate is eligible for authentication or not.

Best regards,
  Zeljko.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFOa6vFtofFpCIfhMRAwFkAJ4zCsD3QYNyz91vm/4rcKrEZbjA9QCePLhy
u4S1x+OTy7mtg/58Nc0Aqas=
=yCzN
-----END PGP SIGNATURE-----