Non-repudiation (was RE: The PAIN mnemonic)
Ben Laurie
ben at algroup.co.uk
Sat Dec 27 12:20:39 EST 2003
Ian Grigg wrote:
> Carl and Ben have rubbished "non-repudiation"
> without defining what they mean, making it
> rather difficult to respond.
I define it quite carefully in my paper, which I pointed to.
> Now, presumably, they mean the first, in
> that it is a rather hard problem to take the
> cryptographic property of public keys and
> then bootstrap that into some form of property
> that reliably stands in court.
>
> But, whilst challenging, it is possible to
> achieve legal non-repudiability, depending
> on your careful use of assumptions. Whether
> that is a sensible thing or a nice depends
> on the circumstances ... (e.g., the game that
> banks play with pin codes).
Actually, its very easy to achieve legal non-repudiability. You pass a
law saying that whatever-it-is is non-repudiable. I also cite an example
of this in my paper (electronic VAT returns are non-repudiable, IIRC).
> So, as a point of clarification, are we saying
> that "non-repudiability" is ONLY the first of
> the above meanings? And if so, what do we call
> the second? Or, what is the definition here?
>
> From where I sit, it is better to term these
> as "legal non-repudiability" or "cryptographic
> non-repudiability" so as to reduce confusion.
Read my paper (it was co-authored with a lawyer, so I believe we've got
both the crypto and legal versions covered).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list