Warwick,
Please find enclosed a proposal for another `information object' which I
think should be considered along with the other certificate extensions work.
cheers,
Mike
User Key Material
Michael Roe
5th September 1994
This document proposes a new security information object
for use in key management with public key cryptography.
It is intended to be considered under the NWI to
develop an addendum to ISO 9594-8 (The Directory -
Authentication Framework).
The intent of the User Key Material (UKM) security
information object is to enable an entity whose signature
key has already been certified to register a key which it
intends to use for a different purpose (e.g. key
agreement).
The UKM is signed by the entity using its signature key,
and contains:
* the name of the entity
* a cryptographic key
* the purposes for which the key will be used
* a unique identifier for the key
* the period of time during which the key is to be
considered as valid.
The UKM meets several needs which are not easily met
using public key certificates alone:
1. Keys used for different purposes may have different
validity periods. In particular, it may be desirable for
keys used for confidentiality to have a shorter lifetime
than keys used for integrity. It is possible to recover
from the compromise of an integrity key by revoking the
corresponding certificate. No such recovery is possible
with confidentiality keys: information which has
previously been exchanged under the compromised key may
be available to the attacker. Hence it is good practice
to change confidentiality keys more often than integrity
keys.
If a key has a short life-time, it is inconvenient and
expensive to have to re-contact a certification
authority each time a new key is generated. The UKM
information object allows users to register new key
agreement keys at frequent intervals, using their
signature keys (which do not change as often) to provide
data origin authentication.
2. It may be desired to use different keys in
environments which have different levels of physical
protection. For example, a certification authority might
keep its certificate-signing key in a well-protected off-
line device, and use a different key to protect an on-
line revocation list service.
In the event that the ``low security'' key is compromised
but the ``high security'' key is not, the entity can use
its (uncompromised) signature key to create a UKM
information object which replaces the compromised key.
UKM ::= SIGNED SEQUENCE {    -- signed with the entity's signature key
    signature             AlgorithmIdentifier,
    version               UKMVersion DEFAULT v1,
    entity                Name,
    validity              Validity,    -- period during which the key is valid
    creationDate          UTCTime,
    subjectPublicKeyInfo  SubjectPublicKeyInfo,
    keyUsage              KeyUsage,    -- purposes for which the key will be used
    keyIdentifier         BIT STRING OPTIONAL,    -- unique identifier for the key
    extensions            UKMExtensions
}

UKMVersion ::= INTEGER { v1(0) }

userKeyMaterial ATTRIBUTE WITH ATTRIBUTE-SYNTAX UKM
    MULTI-VALUE
    ::= { xxxx } -- to be assigned

ukmUser OBJECT-CLASS
    SUBCLASS OF strongAuthenticationUser
    MUST CONTAIN userKeyMaterial
    ::= { xxxx }
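
Added example, not part of the original proposal: a relying party choosing a key-agreement key from a multi-valued userKeyMaterial attribute by checking the signature, usage and validity period of each UKM. The dictionary field names, the JSON stand-in encoding, the toy unpadded RSA key and the "latest creationDate wins" rule are assumptions made for this sketch.

```python
import hashlib, json
from datetime import datetime, timezone

# Toy textbook RSA (no padding, ~150-bit modulus) standing in for the entity's
# certified signature key. Illustration only; constructed values.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

SIGNED_FIELDS = ("entity", "not_before", "not_after", "creation_date",
                 "public_key", "key_usage")

def _digest(ukm):
    # Unambiguous stand-in encoding of the signed fields (a real UKM uses DER).
    blob = json.dumps([str(ukm[f]) for f in SIGNED_FIELDS]).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N

def sign_ukm(ukm, d=D):
    """Entity side: sign a new UKM with the long-lived signature key."""
    return dict(ukm, signature=pow(_digest(ukm), d, N))

def select_key(ukms, entity, usage, now, e=E):
    """Relying party: newest UKM that verifies, matches usage and is in validity."""
    ok = [u for u in ukms
          if u["entity"] == entity and usage in u["key_usage"]
          and u["not_before"] <= now <= u["not_after"]
          and pow(u["signature"], e, N) == _digest(u)]
    # Assumption: among overlapping valid UKMs, the latest creationDate wins.
    return max(ok, key=lambda u: u["creation_date"])["public_key"] if ok else None

def day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def make(key, start, end):
    return sign_ukm({"entity": "CN=Alice", "public_key": key,
                     "key_usage": ("keyAgreement",),
                     "not_before": start, "not_after": end, "creation_date": start})

# Constructed sample: two monthly key-agreement keys plus a tampered copy.
SEPT = make("ka-key-sept", day(1994, 9, 1), day(1994, 9, 30))
OCT = make("ka-key-oct", day(1994, 10, 1), day(1994, 10, 31))
TAMPERED = dict(OCT, public_key="substituted", creation_date=day(1994, 10, 5))
ATTR = [SEPT, OCT, TAMPERED]  # the multi-valued userKeyMaterial attribute

if __name__ == "__main__":
    print(select_key(ATTR, "CN=Alice", "keyAgreement", day(1994, 10, 10)))
```

The tampered value carries a later creationDate than the genuine October UKM, so it would be selected if the signature check were skipped.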