> On Nov 8, 2018, at 5:27 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
>> Always enforce peer certificate key usage (separation) for ECDSA. ECDSA keys
>> are more brittle when misused.
>
> Since ECDSA can only do signing, isn't this a bit redundant? In other words
> you can't really not enforce keyUsage for a signature-only algorithm.

Well, ECDH keys (not really ECDSA) can do key agreement, and EC keys can be
used for encryption with ECIES. In any case, it seems that other libraries
are already requiring digitalSignature in keyUsage (when present) for ECDSA
that don't yet do so for RSA, and I'm willing to go along with that.
Trying to make a pragmatic choice...

--
Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
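
The keyUsage rule discussed in this message, as an added example that is not part of the original post or of any library's code: it decodes the DER BIT STRING of a keyUsage extension and requires digitalSignature for an EC peer key when the extension is present. The function names, the `enforce_rsa` switch and the sample bytes are assumptions constructed for illustration.

```python
# Added illustration. Names and sample bytes are constructed, not taken
# from any TLS library.

# RFC 5280 KeyUsage bit names, bit 0 first (bit 0 is the MSB of the first byte).
KU_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
            "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
            "encipherOnly", "decipherOnly"]

# Constructed extension values (DER BIT STRING: tag, length, unused bits, data).
SIGN_ONLY = bytes.fromhex("03020780")      # digitalSignature
AGREE_ONLY = bytes.fromhex("03020308")     # keyAgreement (ECDH-style key)
ENCIPHER_ONLY = bytes.fromhex("03020520")  # keyEncipherment


def parse_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING carried in a keyUsage extension value."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    length = der[1]
    if length >= 0x80 or length < 2 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, body = der[2], der[3:]
    if unused > 7:
        raise ValueError("bad unused-bit count")
    total_bits = len(body) * 8 - unused
    usages = set()
    for i in range(min(total_bits, len(KU_NAMES))):
        if body[i // 8] & (0x80 >> (i % 8)):
            usages.add(KU_NAMES[i])
    return usages


def may_verify_tls_signature(key_alg, key_usage_der, enforce_rsa=False):
    """Apply the rule from the message to a peer certificate's key.

    key_alg is "EC" or "RSA"; key_usage_der is None when the certificate
    has no keyUsage extension. enforce_rsa is a hypothetical switch for
    extending the same requirement to RSA keys.
    """
    if key_usage_der is None:
        return True   # rule applies only "when present"
    if key_alg == "RSA" and not enforce_rsa:
        return True   # not yet enforced for RSA, per the message
    return "digitalSignature" in parse_key_usage(key_usage_der)
```
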