Recently, we have been having some discussion regarding
Nonrepudiation on the cert-talk list, and I have been taking the
position that the Nonrepudiation key usage bit should be reserved
for those key pairs that are used exclusively to indicate the user's
conscious and willing intent to be legally bound by what is being
signed.
Although I have only been watching the S/MIME list with one eye
open, so to speak, and haven't even had the time to download
the various specs, a potential problem did occur to me.
Is it possible, and should it be the norm, for the automatic reply
to confirm receipt to be signed with a completely different certificate
than is used to sign legally binding mail? How is this handled?
Bob
William Whyte <wwhyte(_at_)baltimore(_dot_)ie> 04/30/99 05:50AM >>>
Hi Bob,
(S/MIME v3 may raise an interesting issue here that I ought to go
check. Since it provides the ability to have a signed acknowledgment
of a message's receipt, I would hope that the certificate used for that
acknowledgment can be different from the one used to actually
and consciously sign are replay.)
Pleased to see someone else bring this up; I've just been writing
some documentation on our new S/MIME 3 toolkit, from a position of
relative unfamiliarity with the ESS services, and this really stuck
out like a sore thumb for me. I think it may have been an error to
put the automatic generation of receipts as a MUST without addressing
this problem. It may be worth raising on the list, despite the late
stage we're at in the proceedings.
Cheers,
WIlliam
Robert R. Jueneman
Security Architect
Network Security Development
Novell, Inc.
122 East 1700 South
Provo, UT 84606
bjueneman(_at_)novell(_dot_)com
1-801-861-7387