
Non-repudiation

From: Chris Smithies <Chris_Smithies@penop.com>
Date: Wed, 6 Oct 1999 13:35:15 +0100
To: w3c-ietf-xmldsig@w3.org
Message-ID: <85256802.0044BD01.00@penop.com>


I would strongly recommend that the term "non-repudiation" and its
derivatives not appear in the draft. From a legal perspective it is seen as
a hollow boast. The only thing that can't be _denied_ is that if a hash can
be decrypted by K1, then it was encrypted by K2. But even allowing that the
surrounding system is completely secure in all respects, it remains
possible for the "appropriate user" of K2 to _repudiate_ a signature
demonstrably signed by K2. Duress... mistake... deception...
"non-repudiation" is actually a marketing term!
Received on Wednesday, 6 October 1999 08:27:11 GMT
