Non-repudiation (was RE: The PAIN mnemonic)

Anne & Lynn Wheeler lynn at garlic.com
Tue Dec 23 12:48:16 EST 2003


At 08:23 AM 12/21/2003 -0800, Carl Ellison wrote:
>That's an interesting definition, but you're describing a constraint on the
>behavior of a human being.  This has nothing to do with cryptosystem choice
>or network protocol design.  What mechanisms do you suggest for enforcing
>even the constraint you cite?  Of course, that constraint isn't enough.  In
>order to achieve non-repudiation, the way it is defined, you need to prove
>to a third party (the judge) that a particular human being knowingly caused
>a digital signature to be made.  A signature can be made without the
>conscious action of the person to whom that key has been assigned in a
>number of ways, none of which includes negligence by that person.

total aside ... I just did jury duty in a criminal case last week

a mammal taxonomy can have
* humans
* horses
* mice

which doesn't mean that all mammals have hooves, and correspondingly, all 
security doesn't have to have non-repudiation.

if the authorizations and/or permissions require somebody to be an 
employee ... it is possible to authenticate somebody as being an employee 
w/o having to authenticate who they are ... it is sufficient to authenticate 
whether or not they are allowed to do what they are allowed to do.

now, if you have 10,000 people that are authorized to do something ... and 
you have no tracking about what any specific person does .... then if some 
fraud takes place .... you may have no grounds whether to suspect any of 
the 10,000 over any of the others.  However, if you have a policy that 
employees are strictly not supposed to share passwords and can get fired if 
they do .... and some fraud process takes place ... done by an entity 
entering a specific password .... there would possibly be at least 
sufficient grounds to at least get a search warrant. The password by itself 
might not be sufficient to convict beyond a reasonable doubt ... but the 
audit trail might at least help point the investigation in the correct 
direction and also be admitted as circumstantial evidence. The defense 
attorneys in their opening statements said something about the prosecution 
showing means, motive, opportunity and misc. other things.

in any case, I would claim that both human and non-repudiation issues are 
part of security.

I wouldn't go so far as to say that just because a certification authority 
turned on a "non-repudiation" bit in a certificate .... and had no means at 
all of influencing human behavior, that just because the bit was turned on 
... it, in any way, had anything to do with non-repudiation.

there is a recent thread in the pkix mailing list about the name of the 
non-repudiation bit in a certificate being deprecated. There seem to be 
two separate issues ... 1) calling the bit "non-repudiation" isn't 
consistent with the meaning of the bit and 2) the semantics of what the bit 
supposedly controls.
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
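The certificate bit discussed in the last paragraph is bit 1 of the X.509 KeyUsage extension, a DER BIT STRING; the decoder below is an added example (not code from the post or from the pkix thread) that parses that encoding and reports which flags a CA asserted, so a reader can see exactly what is and is not in the bit. RFC 5280 notes that later X.509 editions renamed nonRepudiation to contentCommitment; the sample encodings in the test are constructed, and all the bit records is the CA's intended purpose for the key, nothing about who pressed the button.

```python
from typing import List

# Bit positions of the KeyUsage BIT STRING (RFC 5280 section 4.2.1.3).
# Bit 1 was named nonRepudiation; later X.509 editions call it contentCommitment.
KEY_USAGE_BITS = [
    "digitalSignature",   # 0
    "contentCommitment",  # 1 (formerly nonRepudiation)
    "keyEncipherment",    # 2
    "dataEncipherment",   # 3
    "keyAgreement",       # 4
    "keyCertSign",        # 5
    "cRLSign",            # 6
    "encipherOnly",       # 7
    "decipherOnly",       # 8
]


def decode_key_usage(der: bytes) -> List[str]:
    """Parse a DER-encoded KeyUsage BIT STRING and return the names of set bits.

    DER layout: tag 0x03, short-form length, a byte giving the number of unused
    trailing bits, then the bit bytes with bit 0 in the MSB of the first byte.
    """
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length >= 0x80 or len(der) != 2 + length:
        raise ValueError("bad or non-minimal length")
    unused, body = der[2], der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits count")
    if body and unused and body[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero under DER")
    total_bits = len(body) * 8 - unused
    flags = []
    for i in range(total_bits):
        if body[i // 8] & (0x80 >> (i % 8)):
            flags.append(KEY_USAGE_BITS[i] if i < len(KEY_USAGE_BITS) else f"bit{i}")
    return flags


def has_content_commitment(der: bytes) -> bool:
    """True if the CA set bit 1 (nonRepudiation / contentCommitment)."""
    return "contentCommitment" in decode_key_usage(der)


def is_valid_key_usage(der: bytes) -> bool:
    """True if the bytes are a well-formed DER KeyUsage value."""
    try:
        decode_key_usage(der)
        return True
    except ValueError:
        return False
```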
  

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com