This is quite a generic question about SSL, but it might have an impact
on NSS.
Let's imagine you have a strict policy of separating signature and
encryption certificates and want to apply it to your SSL server certificate.
If you restrict your SSL server to only use to EDH protocols, you don't
need the keyEncipherment key usage and it seems to be OK.
My question is do you need the keyAgreement key usage, then ?
The trouble is that mozilla doc says you do :
http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html:
SSLServer: KEY_AGREEMENT OR KEY_ENCIPHERMENT
but usually RSA certificat don't need keyAgreement to use an EDH
protocol, and rfc3280 says "keyAgreement [...]. For example, when a
Diffie-Hellman key is to be used for key management, then this bit is
set." which can be interpreted as saying that the bit rules the key in
the certificate, and not the ephemeral DH key that is created in that case ?
So theorically should it be required or not ?
And does NSS required it ?
I think the answer might be "no" to the first and "yes" to the second,
which would then be a bug in NSS.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
