Re: SPKI signing keys only

[Bob Jueneman <BJUENEMAN@novell.com>]

>I think you're taking a different projection of the problem space from the
one 
>I'm used to.  To me, a key is a signature key or an encryption key, getting
its 
>name from the process with which it is used.
>
>I agree that you can also list the interpretation that key use leads to 
>(identification, authentication, authorization, ...) to name the key.  My 
>preference is to stick with my old habits but the suggestion is
interesting.
>
> - Carl
>
Carl, although the term "export controls" is not likely to be politically
correct in this forum, I would note that there are very real, practical
differences in the way that export controls are imposed on products, based
on the function that keys are used to provide as opposed to the process of
using them.

For example, keys used for key exchange are viewed more liberally than keys
used for data confidentiality. Keys used for authentication and digital
signatures are likewise. keys used to provide intellectual property
protection, secure financial transactions, and other classes of applications
are also given preferable treatment.

That being said, it is a significant challenge for the application developer
to prove to the satisfaction of the export authorities that the application
only makes use of a certain key for that function only. For example, just
labeling a key with a keyUsage flag of "signature" won't buy you much,
unless you can prove that the application actually enforces that
restriction.

Nonetheless, there might be significant merit in labeling keys as to their
alleged function, and not just the process that is performed on them.

Bob

---

• Prev by Date: Re: SPKI signing keys only
• Next by Date: Re: Subject signing redux (was: Re: Mary is Mary)
• Prev by thread: Re: SPKI signing keys only
• Next by thread: Re: SPKI signing keys only
• Index(es):
  • Main
  • Thread