non-repudiation, was Re: crypto flaw in secure mail standards
Rodney Thayer
rodney at tillerman.to
Sat Jul 7 11:27:56 EDT 2001
At 02:07 PM 7/5/01 -0700, Greg Broiles wrote:
>... using a PKI non-repudiation scheme in this instance might be helpful,
though it's worth keeping in >mind that it rests on the assumption that
end-users can and will preserve the security of a couple of >big numbers
(their private keypair) when currently they're frequently able to escape
liability by >claiming to have experienced a security breach related to
their preservation and use of a single, much >shorter pair of numbers -
their credit card number and expiration date.
people frequently are asked to sign usage agreements that explicitly state they
are responsible for protecting their password/key material. This is
DIFFERENT from
credit card numbers -- nobody asks you to sign something that says
you'll keep your credit card number private.
Now, the validity of those agreements may or may not be untested, but they
exist, so the
path to establishing case law probably exists.
...rodney
"the two most dangerous things on the internet are: geeks pretending to be
lawyers,
and, lawyers pretending to be geeks"
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list