non-repudiation, was Re: crypto flaw in secure mail standards

Rodney Thayer rodney at tillerman.to
Sat Jul 7 11:27:56 EDT 2001


At 02:07 PM 7/5/01 -0700, Greg Broiles wrote:
> ... using a PKI non-repudiation scheme in this instance might be helpful,
> though it's worth keeping in mind that it rests on the assumption that
> end-users can and will preserve the security of a couple of big numbers
> (their private keypair) when currently they're frequently able to escape
> liability by claiming to have experienced a security breach related to
> their preservation and use of a single, much shorter pair of numbers -
> their credit card number and expiration date.

People frequently are asked to sign usage agreements that explicitly state
they are responsible for protecting their password/key material.  This is
DIFFERENT from credit card numbers -- nobody asks you to sign something
that says you'll keep your credit card number private.

Now, the validity of those agreements may or may not be untested, but they
exist, so the path to establishing case law probably exists.

...rodney


"the two most dangerous things on the internet are: geeks pretending to be
lawyers, and, lawyers pretending to be geeks"



