More comments on the Aug 1 Spec

All,

I have read more of http://www.w3.org/2001/XKMS/Drafts/XKMS/xkms-part-1.html
and have some more questions and comments:

1. [103] The schema def is missing for KeyBindingAbstractType in the prose

2. When I first read the description of <KeyUsage> my initial thought was
akin to PKIX keyUsageExtension. I suppose I'm wondering if the three options
provided (Signature,Encryption,Exchange) are going to be augmented to allow
other key usage semantics. Doing this, however, would simply move the
complexity from the underlying PKI back to the message syntax. What argument
is there to keep the three choices that do exist there while leaving others
out (for example, keyCertSign, crlSign)? 

3. [125] Is the StatusValue attribute on the <Status> element really
optional? What sort of semantics would something like the following have
should one omit the StatusValue attribute (as allowed):

<Status>
  <Reason> IssuerTrust</Reason>
</Status>


It seems to me that StatusValue is required. Correct me here if I'm wrong.

4. [158] Can someone explain why we must MAC twice for a
<RevocationCodeIdentifier>? MACing more than once is useful for meeting a
certain size constraint, but I don't see a specific size constraint on the
<RevocationCodeIdentifier>.

5. [163] I think there is a typo here. All of a sudden an element called
KeyInfoQuery is referred to. What is this? Is it supposed to be
QueryKeyBinding instead? There is no mention of KeyInfoQuery in the provided
schema definition in the prose.

6. [168] Sort of the same thing as issue #5 above. An element called
KeyBindingQuery is suddenly introduced here and it doesn't fit. This should
read something like: "A single QueryKeyBinding element that represents a
request for the status of a specific key binding." There is also no mention
of <KeyBindingQuery> anywhere in the spec. Correct me here if I am wrong
please.

7. In Example 5.1.1 when Alice does a registration request I am a bit
confused on the nature of the certificate chain that the server sends back.
Is it a terminated chain or does it contain an intermediate certificate
authority? How does Alice get to choose who the certificate authority is
authenticated by? What if she wants to be authenticated by CA Foo instead of
CA Bar? Does she get to choose? Should she send a preferred distinguished
name of who she wants to be authenticated by? The service might have access
to more than one CA.

8. [186] The last sentence here states:  "The request specifies only
Encryption and Exchange Key uses as the key is to be escrowed." Can someone
explain to me why (by implication) a key cannot be used for digital
signature if it is escrowed for recovery?

9. [201]. I don't understand why revoking a key is tied to recovering a key.
Can someone explain this to me in more detail? The way it reads now it
implies that the service sends back a revoked private key (but it is
recovered!). What use does it have if it is now revoked?

10. The example following [201] has a random extra XML document inserted. It
looks like an unencrypted private key. Is this a typo?


Please straighten me out if I am wrong on any of these issues.

Regards,


Blake Dournaee
Senior Systems Engineer
RSA Security, Inc.
650-295-7548

"A mind all logic is like a knife all blade, it makes the hand bleed that
uses it."


 

Received on Friday, 30 August 2002 17:51:06 UTC