Sender and receiver non-repudiation

Panayiotis Kotzanikolaou pkotzani at unipi.gr
Tue Jul 3 05:37:09 EDT 2001


It is well known that digital signatures can be used to ensure
non-repudiation of the sender in message exchange.

Say that Alice (A) sends to Bob (B) a message M. If Alice sends to Bob a
signed receipt of the message sent, then Alice cannot deny having
sent the message.
A-->B: M, SIGN_A(A sends M to M)

Now if Bob receives the message and replies with a signed receipt
B-->A: SIGN_B(B received M from A)
then Bob cannot later deny having received the message M.

The problem in this scheme is that Bob signs and sends the proof after
he has received M. Bob can receive M and never send a receipt.

By using a trusted delivery service, it is easy to produce
non-repudiation evidence both for the sender and the receiver.
Is there any cryptographic protocol that "forces" Bob to produce
non-repudiation evidence during execution?



[Your exposition is filled with statements lots of people might take
issue with, like the concept that Alice "cannot" deny sending the
message. What if Alice claims it wasn't her key, or her key was stolen
or misappropriated, or what have you? One lesson I've learned -- you
cannot perfect law with technology, or eliminate business risk with
law. --Perry]

---------------------------------------------------------------------
The Cryptography Mailing List
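
The trusted-delivery-service variant mentioned in the post, as an added example that is not part of the original message: a third party T holds M and hands it to Bob only after Bob's signed receipt verifies. Lamport one-time signatures built from hashlib stand in for SIGN_A and SIGN_B, and the names `DeliveryService`, `origin_stmt`, `receipt_stmt` and the choice to sign over H(M) are assumptions made for this sketch.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signatures (stdlib only); each key pair signs ONE message.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(x), H(y)) for x, y in sk]

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

# Statement encodings are assumptions; both bind to H(M), not M itself,
# so Bob can sign the receipt before T reveals M to him.
def origin_stmt(m):
    return b"A sends to B: " + H(m)

def receipt_stmt(digest):
    return b"B received from A: " + digest

class DeliveryService:
    """Trusted third party T: withholds M until B's signed receipt verifies."""
    def __init__(self, pk_a, pk_b):
        self.pk_a, self.pk_b, self.held = pk_a, pk_b, None

    def submit(self, m, origin_sig):
        # A --> T: M, SIGN_A(origin). T tells B only the digest H(M).
        if not verify(self.pk_a, origin_stmt(m), origin_sig):
            raise ValueError("origin evidence does not verify")
        self.held = (m, origin_sig)
        return H(m)

    def release(self, receipt_sig):
        # B --> T: SIGN_B(receipt). No valid receipt, no message.
        m, origin_sig = self.held
        if not verify(self.pk_b, receipt_stmt(H(m)), receipt_sig):
            return None
        return {"to_bob": (m, origin_sig), "to_alice": receipt_sig}
```

The guarantee rests entirely on T behaving honestly, and it does not address the moderator's point about disputed or stolen keys.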