Kyle Hamilton wrote:

> Certificate issuance is a statement of identity binding for a given
> key at a given assurance. No more, no less.


No, it isn't. It's often more.

> A CA does not and cannot specify the value of the data which can be
> encrypted or protected by any given key.


Irrelevant to the discussion.

> ... It specifies things that
> third parties can know and rely on. Only the principal itself can
> know what it's actually going to use the key for.


No, key usage restrictions are certainly within the realm of what
a CA will bake into a cert. And relying parties may choose not
to accept a cert for a given purpose if that purpose is not
included in key usage extensions, for example.

For example, you certainly can use a key to produce a digital
signature, even if the certificate that binds the public key
to that entity says otherwise. But no one should accept the
signature as valid. In fact, the signing may be grounds for
revoking the certificate.

> Remember, the CA (and X.509 certificate chains) are only a relatively
> efficient means of transferring trust via policy. It is NOT the only
> way to transfer trust.


Irrelevant to the discussion -- I was arguing against adding time of
generation data to the private key format. I don't know of any serious
cryptographer or security expert who advocates this, and I certainly
don't.

> Please remember that there are uses for keys outside the PKI. This is
> why private key storage formats should have a timestamp-of-generation


Irrelevant, and fallacious. PKI is not a "use" for keys, it provides
mechanisms of finding appropriate identity/key associations and
validating these.

There are good arguments for NOT adding ad hoc changes to a standard --
especially when they are based on a paucity of understanding.

- M
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
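The relying-party check discussed in the message above, as an added example that is not part of the original post or of OpenSSL's code: it decodes the DER BIT STRING carried in a certificate's keyUsage extension (RFC 5280, section 4.2.1.3) and decides whether a requested purpose is asserted. The function names and sample values are constructed for illustration, and treating an absent extension as unrestricted is an assumption that follows RFC 5280.

```python
# Added example: decide whether a certificate's keyUsage permits a purpose.
# Bit order follows the KeyUsage definition in RFC 5280, section 4.2.1.3.
KEY_USAGE_NAMES = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)

def parse_key_usage(der: bytes) -> frozenset:
    """Decode the DER BIT STRING that forms the keyUsage extension value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("keyUsage must be a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or (unused and not payload):
        raise ValueError("bad unused-bit count")
    total_bits = len(payload) * 8 - unused
    asserted = set()
    for i, name in enumerate(KEY_USAGE_NAMES):
        # Bit 0 is the most significant bit of the first payload byte.
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8)):
            asserted.add(name)
    return frozenset(asserted)

def relying_party_accepts(key_usage_der, purpose: str) -> bool:
    """Return True only if the certificate allows `purpose` for its key."""
    if purpose not in KEY_USAGE_NAMES:
        raise ValueError("unknown key usage: " + purpose)
    if key_usage_der is None:
        # Assumption: extension absent means no keyUsage restriction.
        return True
    return purpose in parse_key_usage(key_usage_der)

# Constructed sample extension values (not taken from any real certificate).
ENCRYPT_ONLY = bytes.fromhex("03020520")           # keyEncipherment
SIGN_AND_ENCRYPT = bytes.fromhex("030205a0")       # digitalSignature + keyEncipherment
AGREE_DECIPHER_ONLY = bytes.fromhex("0303070880")  # keyAgreement + decipherOnly

if __name__ == "__main__":
    for label, ku in (("encrypt-only", ENCRYPT_ONLY),
                      ("sign+encrypt", SIGN_AND_ENCRYPT),
                      ("no extension", None)):
        verdict = relying_party_accepts(ku, "digitalSignature")
        print(label, "-> accept signature:", verdict)
```

The signature itself may verify mathematically under the encrypt-only certificate; the check above is the policy decision a relying party makes before it relies on that signature.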