[Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

Arnold G. Reinhold reinhold at world.std.com
Fri Jan 9 11:42:10 EST 2004


I did a Google search on "irrebuttable presumption" and found a lot 
of interesting material. One research report on the State of 
Connecticut web site

http://www.cga.state.ct.us/2003/olrdata/ph/rpt/2003-R-0422.htm

says: "The Connecticut Supreme Court and the U. S. Supreme Court have 
held that irrebuttable presumptions are unconstitutional when they 
are not necessarily or universally true and the state has reasonable 
alternative means of making the determination."

The comment appears to apply to statutes and regulations (as opposed 
to contracts).  Still the two tests mentioned seem very appropriate 
to a discussion of non-repudiation as used in cryptography. In 
deciding whether the existence of a verified signature should 
automatically lead to some real world action, we should consider both 
the adequacy of the technology and the nature of the application.

So, for example, the military might adopt an irrebuttable presumption 
that a cryptographically signed order comes from the registered owner 
of a cryptographic key, because it has vetted all the technology 
employed, it can't tolerate delay, and is willing to impose a duty 
on key holders to protect their key or suffer the consequences.

On the other end of the scale, anti-spam software might accept a 
signature validated by a public key that is included in a user's 
white list as conclusive proof that the message should be transmitted 
to that user because the consequences of doing so with a forged 
message are so minute.

In the case of ordinary consumer transactions, an irrebuttable 
presumption for public key signatures would not seem to pass muster. 
There are too many problems with the technology (it's not just a 
question of protecting the private key, but also of ensuring that the 
document actually signed is the one the user thought he was signing) 
and there are usually other forms of evidence (e.g. delivery records) 
to substantiate the transaction.

This is apparently a very complex area of law. Another paper
http://www.law.nyu.edu/clppt/program2003/readings/Franck.doc
includes these quotes:

"Every writer of sufficient intelligence to appreciate the 
difficulties of the subject matter has approached the topic of 
presumptions with a sense of hopelessness and left it with a feeling 
of despair." [5]  Commenting on the law of presumptions, Judge Learned 
Hand has commented: "Judges have mixed it up until nobody can tell 
what on earth it means." [6]

It sounds like the legal profession long ago recognized the 
difficulties the cryptographic community is now grappling with in 
regard to "non-repudiation."  We should be very wary of assuming 
mathematical constructs naturally transform into the legal arena.

Arnold Reinhold
(who is not a lawyer)

  [5]  Edmund M. Morgan, "Presumptions," 12 Wash. L. Rev. 255, 255 (1937).
  [6]  L. Hand, 18 ALI Proceedings 217-18 (1941).

At 5:32 PM -0800 1/5/04, Ed Gerck wrote:
>
>In business, when repudiation of an act is anticipated we're reminded by
>Nicholas Bohm (whose clear thinking I know and appreciate for 6 years)
>that some lawyers find it useful to define "irrebuttable presumptions" -- a
>technique known to the law and capable of being instantiated in statute or
>contract.
>
>For example, a legal "irrebuttable presumption" can take the form of a bank
>check contract stating that a check (even though it can be *proven* a
>posteriori to be a forgery) is payable by the bank if the account holder did
>not notify the bank to repudiate the check *before* the check was presented
>to the bank for payment. The requirement can be seen as an "out-of-band"
>signal from the account holder to the bank, which absence makes the check's
>payability an irrebuttable presumption by the bank. In this case, as long as
>the check's signature does not look like a (obvious) forgery and there is
>enough balance in the account, the bank has no liability to that customer in
>paying the check. Note also that the effectiveness of this method relies on
>an "indirect proof" -- the absence of a previous communication makes the
>check payable.
>
>Likewise, in a communication process, when repudiation of an act by a party
>is anticipated, some system security designers find it useful to define
>"non-repudiation" as a service that prevents the effective denial of an act.
>Thus, lawyers should not squirm when we feel the same need they feel -- to
>provide for processes that *can be* conclusive.
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
