- From: Chris Smithies <Chris_Smithies@penop.com>
- Date: Wed, 6 Oct 1999 13:35:15 +0100
- To: w3c-ietf-xmldsig@w3.org
I would strongly recommend that the term "non-repudiation" and its derivatives not appear in the draft. From a legal perspective it is seen as a hollow boast. The only thing that can't be _denied_ is that if a hash can be decrypted by K1, then it was encrypted by K2. But even allowing that the surrounding system is completely secure in all respects, it remains possible for the "appropriate user" of K2 to _repudiate_ a signature demonstrably signed by K2. Duress... mistake... deception... "non-repudiation" is actually a marketing term!
Received on Wednesday, 6 October 1999 08:27:11 UTC