[Top] [All Lists]

Summary of current nonRepudiation situation

2002-10-24 18:06:41

As it stands right now, I am putting the language in -CERT as Russ has
presented it:

    S/MIME receiving agents MUST NOT accept the signature of a message
    if it was verified using a certificate which contains the keyUsage
    extension without either the digitalSignature or nonRepudiation bit
    Sometimes S/MIME is used as a secure message transport for
    applications beyond interpersonal messaging. In such cases, the
    S/MIME-enabled application can specify additional requirements
    concerning the digitalSignature or nonRepudiation bits within the
    keyUsage certificate extension.

I believe that this is not contrary to any of the opinions voiced so far
about nonRepudiation semantics, and it does a fine job of offloading the
actual meaning and interpretation of this bit to good ol' "application
defined behavior".

Blake Ramsdell | Brute Squad Labs | 

<Prev in Thread] Current Thread [Next in Thread>