W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: Non-repudiation

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 06 Oct 1999 08:53:13 -0400
Message-Id: <199910061253.IAA04220@torque.pothole.com>
To: w3c-ietf-xmldsig@w3.org

Well, other people think it very important to distinguish the security
model provided by, for example, public key versus keyed hash.  One
difference in these models is normally called non-repudiation and in
technical documents such as this, that refers to the fact that you
either need the private key or need to have broken the cryptography to
forge a signture.   Having small glossary at the end of the document
and defining the term is fine.  But if you want it replaced, I think
you should provide a single word substitute that people could agreee
on as a replacement.

Saying '"non-repudiation" is actually a marketing term!' doesn't
persuade me since marketers use and screw up essentially every word in
the language.

Donald

From:  "Chris Smithies" <Chris_Smithies@penop.com>
Resent-Date:  Wed, 6 Oct 1999 08:27:14 -0400 (EDT)
Resent-Message-Id:  <199910061227.IAA12816@www19.w3.org>
X-Lotus-FromDomain:  PENOP
To:  w3c-ietf-xmldsig@w3.org
Message-ID:  <85256802.0044BD01.00@penop.com>
Date:  Wed, 6 Oct 1999 13:35:15 +0100

>I would strongly recommend that the term "non-repudiation" and its
>derivatives not appear in the draft. From a legal perspective it is seen as
>a hollow boast. The only thing that can't be _denied_ is that if a hash can
>be decrypted by K1, then it was encrypted by K2. But even allowing that the
>surrounding system is completely secure in all respects, it remains
>possible for the "appropriate user" of K2 to _repudiate_ a signature
>demonstrably signed by K2. Duress... mistake... deception...
>"non-repudiation" is actually a marketing term!
Received on Wednesday, 6 October 1999 08:53:17 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT