[Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]
Arnold G. Reinhold
reinhold at world.std.com
Fri Jan 9 11:42:10 EST 2004
I did a Google search on "irrebuttable presumption" and found a lot
of interesting material. One research report on the State of
Connecticut web site
http://www.cga.state.ct.us/2003/olrdata/ph/rpt/2003-R-0422.htm
says: "The Connecticut Supreme Court and the U. S. Supreme Court have
held that irrebuttable presumptions are unconstitutional when they
are not necessarily or universally true and the state has reasonable
alternative means of making the determination."
The comment appears to apply to statutes and regulations (as opposed
to contracts). Still the two tests mentioned seem very appropriate
to a discussion of non-repudiation as used in cryptography. In
deciding whether the existence of a verified signature should
automatically lead to some real world action, we should consider both
the adequacy of the technology and the nature of the application.
So, for example, the military might adopt an irrebuttable presumption
that a cryptographically signed order comes from the registered owner
of a cryptographic key, because it has vetted all the technology
employed, it can't tolerate delay, and is willing to impose a duty
on key holders to protect their key or suffer the consequences.
On the other end of the scale, anti-spam software might accept a
signature validated by a public key that is included in a user's
white list as conclusive proof that the message should be transmitted
to that user because the consequences of doing so with a forged
message are so minute.
In the case of ordinary consumer transactions, an irrebuttable
presumption for public key signatures would not seem to pass muster.
There are too many problems with the technology (it's not just a
question of protecting the private key, but also of ensuring that the
document actually signed is the one the user thought he was signing)
and there are usually other forms of evidence (e.g. delivery records)
to substantiate the transaction.
This is apparently a very complex area of law. Another paper
http://www.law.nyu.edu/clppt/program2003/readings/Franck.doc
includes these quotes:
"Every writer of sufficient intelligence to appreciate the
difficulties of the subject matter has approached the topic of
presumptions with a sense of hopelessness and left it with a feeling
of despair."5 Commenting on the law of presumptions, Judge Learned
Hand has commented: "Judges have mixed it up until nobody can tell
what on earth it means."6
It sounds like the legal profession long ago recognized the
difficulties the cryptographic community is now grappling with regard
to "non-repudiation." We should be very wary of assuming
mathematical constructs naturally transform into the legal arena.
Arnold Reinhold
(who is not a lawyer)
5 Edmund M. Morgan, "Presumptions," 12 Wash. L. Rev. 255, 255 (1937).
6 L. Hand, 18 ALI Proceedings 217-18 (1941).
At 5:32 PM -0800 1/5/04, Ed Gerck wrote:
>
>In business, when repudiation of an act is anticipated we're reminded by
>Nicholas Bohm (whose clear thinking I know and appreciate for 6 years)
>that some lawyers find it useful to define "irrebuttable presumptions" -- a
>technique known to the law and capable of being instantiated in
>statute or contract.
>
>For example, a legal "irrebuttable presumption" can take the form of a
>bank check contract stating that a check (even though it can be *proven*
>a posteriori to be a forgery) is payable by the bank if the account holder
>did not notify the bank to repudiate the check *before* the check was
>presented to the bank for payment. The requirement can be seen as an
>"out-of-band" signal from the account holder to the bank, which absence
>makes the check's payability an irrebuttable presumption by the bank. In
>this case, as long as the check's signature does not look like a (obvious)
>forgery and there is enough balance in the account, the bank has no
>liability to that customer in paying the check. Note also that the
>effectiveness of this method relies on an "indirect proof" -- the absence
>of a previous communication makes the check payable.
>
>Likewise, in a communication process, when repudiation of an act by a
>party is anticipated, some system security designers find it useful to
>define "non-repudiation" as a service that prevents the effective denial
>of an act. Thus, lawyers should not squirm when we feel the same need they
>feel -- to provide for processes that *can be* conclusive.
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com