Since no one seems to have answered, I'll give you my very unbiased opinion
;-) The NR bit should never be set in any certificate as it doesn't mean
anything. It's my understanding that there is already work at X.509 on at
least renaming the bit to something more meaningful.
My dos centavos,
Blake Ramsdell wrote:
The use of the digitalSignature and nonRepudiation bits in the key usage
certificate extension are not explicitly covered in the current -CERT.
Where this would go is the rather brilliant language "interpretation and
syntax for all extensions MUST follow [KEYM], unless otherwise specified
However, there has been some concern that the wording in [KEYM] is not
sufficient, and that this should be addressed specifically in -CERT.
1. Which bits should be set for an end-entity certificate used to sign
an S/MIME message? Is there a difference in this application between
nonRepudiation and digitalSignature, or can the assertion of either be
sufficient to convey the proper signing authority?
2. Which bits should be set in CA certificates?
The current thinking is that if the extension is present, either (or
both) bits MUST be asserted on end-entity certificates when used for a
signature. If the extension is present in a CA certificate, then either
(or both) bits MUST be asserted also.
I'll be hiding under my bed if anyone needs me.
Blake Ramsdell | Brute Squad Labs | http://www.brutesquadlabs.com