W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999


From: Chris Smithies <Chris_Smithies@penop.com>
Date: Wed, 6 Oct 1999 13:35:15 +0100
To: w3c-ietf-xmldsig@w3.org
Message-ID: <85256802.0044BD01.00@penop.com>

I would strongly recommend that the term "non-repudiation" and its
derivatives not appear in the draft. From a legal perspective it is seen as
a hollow boast. The only thing that can't be _denied_ is that if a hash can
be decrypted by K1, then it was encrypted by K2. But even allowing that the
surrounding system is completely secure in all respects, it remains
possible for the "appropriate user" of K2 to _repudiate_ a signature
demonstrably signed by K2. Duress... mistake... deception...
"non-repudiation" is actually a marketing term!
Received on Wednesday, 6 October 1999 08:27:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC