ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Back To Basics (Was "Re: Certificate requests for encryption keys")

1999-06-14 17:39:15
from [Aram Perez] [Permanent Link] 
I've been away for a couple of weeks so I've read with great interest all 
the discussion on this subject. I'd like to add my comments, starting with
what Bob Jueneman wrote:


This thread has engendered several interesting subthreads, but let's dispatch
the first one, first.


I did not understand Bob's answer to what he called "the first one". I
thought what started this thread was that Ilan Shacham wrote:


There has been much talk lately of using dual key pairs - one key pair
for encryption, and one for signing.
The following question arises - how does one create a certificate request
for an encryption key pair? after all, the certificate request is signed by
the key inside it, but the key is an encryption key, so this is illegal.


I'm assuming Ilan is talking about about the "Simple Enrollment Request"
from <draft-ietf-pkix-cmc-xx.txt> which based on a PKCS#10 message. PKCS#10
requires that "the certificate request is signed by the key inside it" and
thus his question. The "Full PKI Request" allows the request to "be signed
either by the private key material of the signature certification request,
or by a pre-existing signature key and certificate." I believe this
corresponds to Ilan's second solution. Ilan stated that this solution
provides "no Proof Of Posession of the encryption key". If I cannot attest
that a certificate request has my encryption public key with my signature,
of what use are digital signatures?

Also, I'm assuming that Ilan is talking about encryption keys used for key
management (key exchange, key wrapping, etc.) and not for encrypting data.
Hence Anne Anderson's comments about end-entities needing "to change
encryption keys frequently" does not make sense. The reason S/MIME uses
EnvelopedData is that is allows for a new *data encryption key* for every
message with a longer term *key management key*.

I agree with Bob Jueneman's position of having POP for the private key, but
I also agree with Terry Hayes' statement that even though Bob's suggestion
"is rather awkward", we should "Fix the operational level protocols
instead".

With respect to self-signed certificates, no matter what format (X.509, PGP,
SDSI, etc), whether it's from an end-entity or a CA, you have to verify it
out-of-band.

Regards,
Aram Perez
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Back To Basics (Was "Re: Certificate requests for encryption keys"), Aram Perez <=
Previous by Date:  NDSS 2000 SUBMISSION DEADLINE EXTENDED TO JUNE 23RD, David M. Balenson
Next by Date:  email software that supports S/MIME security, Ivan Perez-Armendariz
Previous by Thread:  NDSS 2000 SUBMISSION DEADLINE EXTENDED TO JUNE 23RD, David M. Balenson
Next by Thread:  email software that supports S/MIME security, Ivan Perez-Armendariz
Indexes:  [Date] [Thread] [Top] [All Lists]