crypto flaw in secure mail standards

Ian BROWN I.Brown at cs.ucl.ac.uk
Mon Jun 25 06:25:18 EDT 2001


Greg Broiles wrote:
>The digital signature laws I've seen don't mention and don't support the 
>notion of "non-repudiation", which seems to be an obsession among computer 
>security people and a non-issue among legal people.

Unfortunately, a lot of legal people have been convinced by the notion. 
The UK's law implementing the EU's digital signature directive allows
the burden of proof to be shifted so that the "signer" of a message has to 
prove they did NOT make it; the opposite to the physical signature situation. 
Many British banks' online terms and conditions say that customers are liable for any 
instructions authenticated by their password before it's revoked, never mind a digital signature.

Lots more info at:

Nicholas Bohm, Ian Brown and Brian Gladman. Electronic commerce: who carries the risk
of fraud? Journal of Information, Law and Technology, October 2000
http://elj.warwick.ac.uk/jilt/00-3/bohm.html

Jane K. Winn. The Emperor's new clothes: the shocking truth about digital
signatures and Internet commerce.
http://www.smu.edu/~jwinn/shocking-truth.htm
-- 
"Personal privacy was a transient state, starting when people no longer believed that God could see everything, and ending when governments decided they must fill the vacuum thus created." --Roger Needham





---------------------------------------------------------------------
The Cryptography Mailing List