On Tue, 2025-09-16 at 12:25 -0500, Orie wrote:
> ...
> In general, a single key shall be used for only one purpose (e.g.,
> encryption, integrity authentication, key wrapping, random bit generation, or
> digital signatures).
I would like to note that NIST has a bad habit of inserting operational considerations into standards, and then people end up interpreting them as implementation requirements.

I believe this is one such case, where they are NISTsplaining how the operator should behave, and this text should not be taken to mean that implementations should make it impossible (or even hard) to use a key for multiple purposes (but it is perfectly ok for implementations to provide the operator with ways of restricting key usage at their discretion).

While I do think that reducing risk is a generally good idea, I think this should be left higher in the stack, because time and again, when lower-level libraries or standards are too rigid, what actually happens is that people end up messing it up badly in the upper layer by applying "workarounds".

I think AKP falls short here because it *forces* the application instead of simply providing an indication that most libraries will follow but that can be relaxed with a simple configuration option.

A system that allows setting the intended usage as a separate attribute, but that does not otherwise prevent "non-recommended" usage, has generally better long-term risk management properties, in practice, IMHO.

My 2c,
Simo.

-- 
Simo Sorce
Distinguished Engineer
RHEL Crypto Team
Red Hat, Inc

_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
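The following is an added illustration, not code from the thread, from NIST, or from any JOSE library, of the design Simo describes: the key carries its intended usage as metadata (the RFC 7517 "use" and "key_ops" JWK members), the library honours that metadata by default, and the operator can relax the check with an explicit option rather than being hard-blocked. Malformed or self-contradictory metadata stays a hard error regardless of the option, since the override is meant to relax policy, not parsing. The function names, the `allow_nonrecommended` parameter and the JWK fragments are assumptions made up for this example.

```python
"""Advisory key-usage policy for JWKs (RFC 7517 "use" / "key_ops").

Constructed example. The key metadata below is made up; key material is
omitted because the policy check only inspects the metadata members.
"""

# RFC 7517 section 4.3 defines these key_ops values; section 4.2 defines
# "use" as either "sig" or "enc". If both members are present they MUST be
# consistent with each other.
SIG_OPS = {"sign", "verify"}
ENC_OPS = {"encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"}
ALL_OPS = SIG_OPS | ENC_OPS
USE_TO_OPS = {"sig": SIG_OPS, "enc": ENC_OPS}


class KeyUsageError(ValueError):
    """Raised for malformed usage metadata or a refused operation."""


def allowed_ops(jwk):
    """Return the set of operations the key's own metadata permits.

    A key that carries neither "use" nor "key_ops" states no restriction,
    so every operation is permitted (the caller's policy may still object).
    """
    use = jwk.get("use")
    key_ops = jwk.get("key_ops")

    if use is not None and use not in USE_TO_OPS:
        raise KeyUsageError(f"unknown use value {use!r}")

    ops = None
    if key_ops is not None:
        ops = set(key_ops)
        if len(ops) != len(key_ops):
            raise KeyUsageError("duplicate key_ops entries")
        unknown = ops - ALL_OPS
        if unknown:
            raise KeyUsageError(f"unknown key_ops {sorted(unknown)}")

    # Both present: key_ops must fall inside what "use" implies.
    if use is not None and ops is not None and not ops <= USE_TO_OPS[use]:
        raise KeyUsageError(f"key_ops {sorted(ops)} inconsistent with use={use!r}")

    if ops is not None:
        return ops
    if use is not None:
        return set(USE_TO_OPS[use])
    return set(ALL_OPS)


def check_usage(jwk, op, *, allow_nonrecommended=False, warnings=None):
    """Gate a requested operation on the key's declared usage.

    Default behaviour: refuse any operation the key was not labelled for.
    With allow_nonrecommended=True (hypothetical operator switch) the
    mismatch is recorded in `warnings`, if a list is supplied, and the
    operation is allowed to proceed. Broken metadata is always an error.
    """
    if op not in ALL_OPS:
        raise KeyUsageError(f"unknown operation {op!r}")
    permitted = allowed_ops(jwk)  # raises on malformed metadata
    if op in permitted:
        return True
    msg = (f"key {jwk.get('kid', '?')} is not labelled for {op!r} "
           f"(permits {sorted(permitted)})")
    if allow_nonrecommended:
        if warnings is not None:
            warnings.append(msg)
        return True
    raise KeyUsageError(msg)


# Constructed JWK fragments (no key material; only metadata is examined).
SIGNING_KEY = {"kty": "OKP", "crv": "Ed25519", "kid": "demo-sig-1", "use": "sig"}
WRAP_ONLY_KEY = {"kty": "oct", "kid": "demo-kek-1", "key_ops": ["wrapKey", "unwrapKey"]}
UNLABELLED_KEY = {"kty": "oct", "kid": "demo-any-1"}
CONTRADICTORY_KEY = {"kty": "oct", "kid": "demo-bad-1", "use": "sig", "key_ops": ["encrypt"]}


if __name__ == "__main__":
    notes = []
    check_usage(SIGNING_KEY, "sign")
    check_usage(SIGNING_KEY, "encrypt", allow_nonrecommended=True, warnings=notes)
    for n in notes:
        print("WARNING:", n)
```

Run as a script, the strict call succeeds silently and the relaxed call proceeds while emitting one warning; calling `check_usage(SIGNING_KEY, "encrypt")` without the option raises `KeyUsageError`, and `CONTRADICTORY_KEY` is rejected whichever way the option is set.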
