To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=60875
------- Additional comments from [EMAIL PROTECTED] Tue Nov 11 16:28:06 +0000 2008 ------- My opinion, to filter out the signer certificates with Key Enchipherment Key Usage. The separation of the encryption(EC), authentication(DS), and signing(NR) function came from a security problem. Please imagine it: case 1: You have a certificate with DS, NR, EC. You want to login on a webpage, and the server drops some random data to sign it. You sign it, then the server check the signature, and logins you, when it is correct. But if the server drops some patched data, not random, the server owner will have a signed document, which is signed with a certificate, where the allowed purposes includes non repudation (NR), so your "random data" was SIGNED for them. case 2: You have EC with NR bits. You can have an application, which simply sign with your encription certificate, of course, this is not a way, yo want, but you sign something, with a law acceptable certificate. case 3: You sing something with a EC certificate You signed it, because you want to make it an official document. But when you will use it, on the judge, you will found, oops, no really signeture on it. So you lost on the judge. --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
