Sender and receiver non-repudiation
Lynn.Wheeler at firstdata.com
Tue Jul 3 11:55:36 EDT 2001
there is even simpler "misappropriation" ... that of virus on the machine
... how do you really know what your computer is doing.
with paper signatures .... it is somewhat more clear-cut that the person
signing a document ... is actually looking at the document they are
signing. With digital signatures it becomes murkier ... how does somebody
know that what they are looking at is the same thing that the computer is
calculating a digital signature for.
in retail situations, the burden of proof is typically with the
institutions to disprove any claims of forged signature.
some of the draft digital signature laws (associated with certificates and
certification authorities) started out trying to move that burden of proof
to the consumer (i.e. most of the laws don't so much talk about
"non-repudiation" per se ... they talk about disputes and who has the
burden of proof and the standards for burden of proof). Some of these
somewhat implied that a certificate was sufficient proof ... somewhat
ignoring there could be thousands of foibles that might result in a digital
signature not being what the key owner expected.
business issues typically are associated with amount of risk ... aka how
hard is it to defeat or compromise some system, how hard is it to show
intent, etc.
random refs:
http://www.garlic.com/~lynn/2001g.html#25 Root Certificates
http://www.garlic.com/~lynn/aadsm5.htm#shock revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/aadsm5.htm#shock2 revised Shocking Truth about Digital Signatures
http://www.garlic.com/~lynn/aadsm5.htm#ocrp3 Online Certificate Revocation Protocol
http://www.garlic.com/~lynn/aadsmore.htm#schneier Schneier: Why Digital Signatures are not Signatures (was Re :CRYPTO-GRAM, November 15, 2000)
http://www.garlic.com/~lynn/ansiepay.htm#anxclean Misc 8583 mapping cleanup
http://www.garlic.com/~lynn/2000f.html#64 Cryptogram Newsletter is off the wall?
http://www.garlic.com/~lynn/2000f.html#65 Cryptogram Newsletter is off the wall?
http://www.garlic.com/~lynn/2000g.html#34 does CA need the proof of acceptance of key binding ?
---------------------------------------------------------------------
The Cryptography Mailing List