[Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

Nicholas Bohm nbohm at ernest.net
Fri Jan 9 12:11:10 EST 2004


At 11:42 07/01/2004 -0800, Ed Gerck wrote:

>Jerrold Leichter wrote:
>
>> Now that we've trashed non-repudiation ...
>
>Huh? Processes that can be conclusive are useful and do exist, I read here,
>in the legal domain. It may not be so clear how such processes can exist in
>the technical domain and that's why I'm posting ;-)
>
>> just how is it different from authentication?
>
>Using an information theory model, it's clear that authentication needs one
>channel of information (e.g., the CA's public key, the password list) in addition
>to the signal (e.g., a signed message, a username/password entry). Authentication
>rests on the information channel being trusted (i.e., independently verifiable). In
>this model, non-repudiation is different because it needs at least one additional
>out-of-band signal (where authenticated absence of the signal is also effective).
>BTW, that's why digital signatures per se are repudiable -- there's no second,
>out-of-band signal.
>
>An additional technical difference is that authentication promotes "strength of
>evidence" while non-repudiation promotes "lack of repudiation of evidence".
>The latter is intuitively recognized to be stronger because a single, effective
>denial of an act can rebuke any number of strong affirmations.
>
>This also means, intuitively, that another difference exists. Non-repudiation
>should be harder to accomplish than authentication (you want more, you need
>to pay more). However, to the extent that the process *can be* conclusive,
>non-repudiation may be worth it. Imagine the added costs, time and hassle
>(going back to a real-world comparison) if your bank would have to call you
>to confirm payment for every check you sign? This would be the case if
>paying a check could not be cast as a conclusive process for the bank (i.e.,
>without the possibility of an irrebuttable presumption of payability).

In the UK, but not in other countries, there is a statutory rule which prevents a bank from debiting a customer's account with a forged cheque (if you will forgive the British spelling), with only very limited exceptions.  If the customer repudiates a signature, it is for the bank to prove the genuineness of the signature, or suffer the loss.

My bank has once or twice telephoned to check the genuineness of an unusual transaction, though this was over a period of many years.

This is not to disagree with your comments, but to observe that existing paper systems can work satisfactorily without non-repudiation rules.  There are obvious advantages to some parties in such systems if they adopt a non-repudiation rule, probably matched with corresponding disadvantages for others.  The change from paper to electronic systems of course also alters the balance of risks and the approach of banks to non-repudiation rules.

I and colleagues have written about this at:

http://elj.warwick.ac.uk/jilt/00-3/bohm.html

Regards

Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK

Phone   01279 871272    (+44 1279 871272)
Fax     020 7788 2198   (+44 20 7788 2198) - please note new fax number
Mobile  07715 419728 (+44 7715 419728)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF 
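An added illustration of the point quoted above that a digital signature by itself is repudiable (not code from either correspondent): a toy Lamport one-time signature built from SHA-256, with all function names and the sample message my own. Verification checks the signal against one trusted channel, the public key, and so only establishes "made with this private key"; anyone holding that key material produces the identical signature, which is why a second, out-of-band signal is needed to rebut a claim of key compromise.

```python
"""Toy Lamport one-time signature (SHA-256 only). Educational, not for production:
each key pair must sign exactly one message. Added example; names are assumed."""
import hashlib
import secrets

H = hashlib.sha256
BITS = 256  # the SHA-256 digest of the message is signed, one key pair per bit


def keygen():
    """Private key: 256 pairs of random 32-byte preimages; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(H(a).digest(), H(b).digest()) for a, b in sk]
    return sk, pk


def _bit(digest, i):
    """Bit i of the digest, most significant bit first."""
    return (digest >> (BITS - 1 - i)) & 1


def sign(sk, message):
    """Reveal, for each digest bit, the preimage that matches that bit."""
    digest = int.from_bytes(H(message).digest(), "big")
    return [sk[i][_bit(digest, i)] for i in range(BITS)]


def verify(pk, message, signature):
    """Authentication in the quoted post's sense: the signal (signature) is checked
    against one trusted channel (the public key). True means only that the
    signature was made with the matching private key, whoever held it."""
    digest = int.from_bytes(H(message).digest(), "big")
    return all(H(signature[i]).digest() == pk[i][_bit(digest, i)] for i in range(BITS))


def repudiation_demo(message=b"pay 100 to Bob"):  # constructed sample message
    """Whoever holds the private key (its owner or someone it leaked to) produces
    the identical signature, so verify() alone cannot rebut "my key was stolen".
    Returns (owner_sig_valid, holder_sig_valid, signatures_identical)."""
    sk, pk = keygen()
    owner_sig = sign(sk, message)
    holder_sig = sign(sk, message)  # same key material in different hands
    return (verify(pk, message, owner_sig),
            verify(pk, message, holder_sig),
            owner_sig == holder_sig)
```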