> -----Original Message-----
> [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Kelm
> Sent: Tuesday, December 23, 2003 1:44 AM
> Subject: Re: Non-repudiation (was RE: The PAIN mnemonic)

> Ah. That's why they're trying to rename the corresponding keyUsage bit
> to "contentCommitment" then:
>   http://www.pki-page.info/download/N12599.doc
> :-)
> Cheers,
>       Stefan.

Maybe, but that page defines it as:


contentCommitment: for verifying digital signatures which are intended to
signal that the signer is committing to the content being signed. The
precise level of commitment, e.g. "with the intent to be bound" may be
signaled by additional methods, e.g. certificate policy.

Since a content commitment signing is considered to be a digitally signed
transaction, the digitalSignature bit need not be set in the certificate. If
it is set, it does not affect the level of commitment the signer has endowed
in the signed content.

Note that it is not incorrect to refer to this keyUsage bit using the
identifier nonRepudiation. However, the use this identifier has been
deprecated. Regardless of the identifier used, the semantics of this bit are
as specified in this standard.


Which still refers to the "signer" having an "intent to be bound".  One can
not bind a key to anything, legally, so the signer here must be a human or
organization rather than a key.  It is that unjustifiable linkage from the
actions of a key to the actions of one or more humans that needs to be
eradicated from the literature.

 - Carl

|Carl M. Ellison         [EMAIL PROTECTED]      http://theworld.com/~cme |
|    PGP: 75C5 1814 C3E3 AAA7 3F31  47B9 73F1 7E3C 96E7 2B71       |
+---Officer, arrest that man. He's whistling a copyrighted song.---+ 

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to