[Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

Ian Grigg iang at systemics.com
Sun Jan 4 20:24:07 EST 2004


Ben Laurie wrote:
> 
> My co-author (a lawyer) responds in detail to Ian Grigg's criticisms.


Thanks for that!  As I'm not clear whether the status of
the paper is searching for (more, further) detailed criticisms,
I've not commented directly on Mr Bohm's remarks.  For the
most part, we are in agreement.

Rather, I'll just quickly mention where I find one large
difference of opinion:

It's pretty apparent that what passes for common sense and
knowledge of the meaning of words in the legal fraternity
doesn't necessarily translate to our world of techies.  I
found the key to this debate was in understanding the full
meaning of the word "repudiate" and that involved careful
scrutiny of several dictionaries.

The same goes for legal concepts such as presumptions,
application of law, and so forth - Mr Bohm nailed me on
my woeful understanding of rebuttals, and he'd have no
trouble nailing the average techie who asserts that private
key signatures prove this or that:  they do no such thing,
they provide evidence, yet, we still face a decade-old
obsession with constructing cryptographic systems that
purport to prove away all risks.

So, I personally don't accept the argument that common
sense can fill in the gaps.  If common sense and ordinary
knowledge had been available in such liberal doses, we
wouldn't have spent the last decade or so working with
non-repudiation.

But, it is only by going through these discussions that I
feel I now have a much firmer understanding of why non-
repudiation is a crock.  So thank you all!

Which leaves the issue of what we call the property that
differentiates a private key signature from a MAC or MD?

iang


PS: to refresh:
http://www.apache-ssl.org/tech-legal.pdf

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com