Non-repudiation (was RE: The PAIN mnemonic)
Anne & Lynn Wheeler
lynn at garlic.com
Tue Dec 23 12:48:16 EST 2003
At 08:23 AM 12/21/2003 -0800, Carl Ellison wrote:
>That's an interesting definition, but you're describing a constraint on the
>behavior of a human being. This has nothing to do with cryptosystem choice
>or network protocol design. What mechanisms do you suggest for enforcing
>even the constraint you cite? Of course, that constraint isn't enough. In
>order to achieve non-repudiation, the way it is defined, you need to prove
>to a third party (the judge) that a particular human being knowingly caused
>a digital signature to be made. A signature can be made without the
>conscious action of the person to whom that key has been assigned in a
>number of ways, none of which includes negligence by that person.
total aside ... I just did jury duty in a criminal case last week
a mammal taxonomy can have
* humans
* horses
* mice
which doesn't mean that all mammals have hooves, and correspondingly, all
security doesn't have to have non-repudiation.
if the authorizations and/or permissions require somebody to be an
employee ... it is possible to authenticate somebody as being an employee
w/o having to authenticate who they are ... it is sufficient to authenticate
whether or not they are allowed to do what they are trying to do.
now, if you have 10,000 people that are authorized to do something ... and
you have no tracking about what any specific person does .... then if some
fraud takes place .... you may have no grounds whether to suspect any of
the 10,000 over any of the others. However, if you have a policy that
employees are strictly not supposed to share passwords and can get fired if
they do .... and some fraud process takes place ... done by an entity
entering a specific password .... there would possibly be at least
sufficient grounds to get a search warrant. The password by itself
might not be sufficient to convict beyond a reasonable doubt ... but the
audit trail might at least help point the investigation in the correct
direction and also be admitted as circumstantial evidence. The defense
attorneys in their opening statements said something about the prosecution
showing means, motive, opportunity and misc. other things.
in any case, I would claim that both human and non-repudiation issues are
part of security.
I wouldn't go so far as to say that just because a certification authority
turned on a "non-repudiation" bit in a certificate .... and had no means at
all of influencing human behavior, that just because the bit was turned on
... it in any way had anything to do with non-repudiation.
there is a recent thread in the pkix mailing list about the name of the
non-repudiation bit in a certificate being deprecated. There seem to be
two separate issues ... 1) calling the bit "non-repudiation" isn't
consistent with the meaning of the bit and 2) the semantics of what the bit
supposedly controls.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
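As an added example (not part of the original post, and not code from any of the people quoted above), the following pure-Python decoder shows what the "non-repudiation" bit discussed above actually is on the wire: bit 1 of the DER BIT STRING carried in the X.509 KeyUsage extension (OID 2.5.29.15, RFC 5280 section 4.2.1.3). RFC 5280 keeps the ASN.1 name nonRepudiation and notes that later editions of X.509 renamed the bit contentCommitment; the encoding is identical either way. Decoding the bit makes the post's point concrete: it is a flag set by the issuer and says nothing about whether a human knowingly caused a signature. The sample extension bytes are constructed for this example; the function names are this example's own.

```python
"""Decode the X.509 KeyUsage extension (RFC 5280 section 4.2.1.3) by hand.

Constructed example: parses DER directly, no third-party library needed.
"""

KEY_USAGE_OID = "2.5.29.15"

# Bit positions as listed in RFC 5280.  Bit 1 is the one the post discusses:
# RFC 5280 still calls it nonRepudiation; newer X.509 calls it contentCommitment.
KEY_USAGE_BITS = [
    "digitalSignature",   # 0
    "nonRepudiation",     # 1  (renamed contentCommitment in later X.509)
    "keyEncipherment",    # 2
    "dataEncipherment",   # 3
    "keyAgreement",       # 4
    "keyCertSign",        # 5
    "cRLSign",            # 6
    "encipherOnly",       # 7
    "decipherOnly",       # 8
]


def read_tlv(data, offset=0):
    """Return (tag, value, next_offset) for the DER element at data[offset:]."""
    tag = data[offset]
    length = data[offset + 1]
    offset += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(data[offset:offset + n], "big")
        offset += n
    value = data[offset:offset + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, offset + length


def decode_oid(content):
    """Decode OID content octets to dotted-decimal form."""
    arcs = [content[0] // 40, content[0] % 40]
    acc = 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:        # high bit clear ends a base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def decode_key_usage_bitstring(der):
    """Decode a DER KeyUsage BIT STRING into the set of named bits that are set."""
    tag, value, _ = read_tlv(der)
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    unused = value[0]           # first octet: number of unused trailing bits
    body = value[1:]
    if unused > 7 or (unused and not body):
        raise ValueError("invalid unused-bits octet")
    names = set()
    total_bits = len(body) * 8 - unused
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        byte, bit = divmod(i, 8)
        if body[byte] & (0x80 >> bit):   # ASN.1 numbers bits from the MSB
            names.add(KEY_USAGE_BITS[i])
    return names


def decode_key_usage_extension(ext):
    """Decode a full Extension SEQUENCE; return (critical, set_of_bit_names)."""
    tag, seq, _ = read_tlv(ext)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, oid, off = read_tlv(seq)
    if tag != 0x06 or decode_oid(oid) != KEY_USAGE_OID:
        raise ValueError("not a KeyUsage extension")
    critical = False            # DEFAULT FALSE, so absent means False
    tag, val, off = read_tlv(seq, off)
    if tag == 0x01:
        critical = val != b"\x00"
        tag, val, off = read_tlv(seq, off)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING extnValue")
    return critical, decode_key_usage_bitstring(val)


def claims_non_repudiation(ext):
    """True when the issuer set bit 1.  That is all the bit tells you."""
    _, names = decode_key_usage_extension(ext)
    return "nonRepudiation" in names


# Constructed sample: KeyUsage, critical, digitalSignature + nonRepudiation.
SAMPLE_EXTENSION = bytes.fromhex("300e 0603551d0f 0101ff 0404 030206c0")

if __name__ == "__main__":
    print(decode_key_usage_extension(SAMPLE_EXTENSION))
```

The decoder handles the BIT STRING's unused-bits octet and the optional `critical` BOOLEAN, which are the two places hand-rolled KeyUsage parsers usually go wrong. Nothing in the decoded result involves a person: whether "nonRepudiation" appears in the set depends only on what the issuer encoded.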
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com