Ian Brown commented recently on the key flag section of the draft.
This got us wondering about how close the key flag was to an X.509 key
usage flag.
5.2.3.20. Key Flags
(Octet string)
This subpacket contains a list of binary flags that hold information
about a key. It is a string of octets, and an implementation MUST NOT
assume a fixed size. This is so it can grow over time. If a list is
shorter than an implementation expects, the unstated flags are
considered to be zero. The defined flags are:
First octet:
0x01 - This key may be used to certify other keys.
0x02 - This key may be used to sign data.
0x04 - This key may be used to encrypt communications.
0x08 - This key may be used to encrypt storage.
[...]
So the question is does this mean that it is possible to say that a
key may not be used for certification? ie if one has a certificate
from a third party, or from a CA which gives key flag 0x2 and 0x4 only
would this mean that PGP 5.x or 6.x, or other OpenPGP complaint
implementations software might consider that the key is only allowed
to sign and encrypt data and refuse to use it to certify, or that
receiving implementations might consider a certification invalid when
given by a key so marked?
Enciphering minds want your consider opinions and interpretations.
Being technically unable to mark keys as 'not for certification' is a
big win in the government key escrow argument. Eg. the current Uk
government drive is to legislate that ISPs must (I quote):
Annex A III: "An applicant will need to demonstrate that the
certificates it issues have all the following information... an
unambiguous statement that the certificate must not be used to validate
a key being used to secure the confidentiality of information"
ie that concept that a CA can restrict your ability to use a signature
key for certification. Unfortunately this wedge works rather well
against S/MIME the way most vendors implement it. The clients can't
even certify *anything*, plus the keyUsage flag allows the not for CA
use to be specified, and many of the clients honor this flag.
The other text in RFC2440 below this says:
Usage notes:
The flags in this packet may appear in self-signatures or in
certification signatures. They mean different things depending on who
is making the statement -- for example, a certification signature
that has the "sign data" flag is stating that the certification is
for that use. On the other hand, the "communications encryption" flag
in a self-signature is stating a preference that a given key be used
for communications. Note however, that it is a thorny issue to
determine what is "communications" and what is "storage." This
decision is left wholly up to the implementation; the authors of this
document do not claim any special wisdom on the issue, and realize
that accepted opinion may change.
Adam