Sender and receiver non-repudiation

Lynn.Wheeler at firstdata.com
Tue Jul 3 11:55:36 EDT 2001



there is even simpler "misappropriation" ... that of virus on the machine
... how do you really know what your computer is doing.

with paper signatures .... it is somewhat more clear-cut that the person
signing a document ... is actually looking at the document they are
signing. With digital signatures it becomes murkier ... how does somebody
know that what they are looking at is the same thing that the computer is
calculating a digital signature for.

in retail situations, the burden of proof is typically with the
institutions to disprove any claims of forged signature.

some of the draft digital signature laws (associated with certificates and
certification authorities) started out trying to move that burden of proof
to the consumer (i.e. most of the laws don't so much talk about
"non-repudiation" per se ... they talk about disputes and who has the
burden of proof and the standards for burden of proof). Some of these
somewhat implied that a certificate was sufficient proof ... somewhat
ignoring there could be thousands of foibles that might result in a digital
signature not being what the key owner expected.

business issues typically are associated with amount of risk ... aka how
hard is it to defeat or compromise some system, how hard is it to show
intent, etc.

random refs:
http://www.garlic.com/~lynn/2001g.html#25 Root Certificates
http://www.garlic.com/~lynn/aadsm5.htm#shock  revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/aadsm5.htm#shock2  revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/aadsm5.htm#ocrp3  Online Certificate Revocation Protocol
http://www.garlic.com/~lynn/aadsmore.htm#schneier  Schneier: Why Digital Signatures are not Signatures (was Re :CRYPTO-GRAM, November 15, 2000)
http://www.garlic.com/~lynn/ansiepay.htm#anxclean  Misc 8583 mapping cleanup
http://www.garlic.com/~lynn/2000f.html#64  Cryptogram Newsletter is off the wall?
http://www.garlic.com/~lynn/2000f.html#65  Cryptogram Newsletter is off the wall?
http://www.garlic.com/~lynn/2000g.html#34  does CA need the proof of acceptance of key binding ?


---------------------------------------------------------------------
The Cryptography Mailing List