W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: Non-repudiation

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Tue, 12 Oct 1999 07:46:44 -0400
Message-Id: <199910121146.HAA21769@torque.pothole.com>
To: w3c-ietf-xmldsig@w3.org
Neither the requirements document nor the syntax and processing document
will, as far as I can tell, address non-repudiation as your describe it
but both will likely use the term as I have described it.

Donald

From:  Denis Pinkas <Denis.Pinkas@bull.net>
Resent-Date:  Tue, 12 Oct 1999 05:36:58 -0400 (EDT)
Resent-Message-Id:  <199910120936.FAA21760@www19.w3.org>
Message-ID:  <38030EF8.57FB0913@bull.net>
Date:  Tue, 12 Oct 1999 11:35:36 +0100
Organization:  Bull
To:  "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
CC:  w3c-ietf-xmldsig@w3.org
References:  <199910111711.NAA12175@torque.pothole.com>

>> I don't have much disagreement with anything you say.  I've also heard
>> support for the idea the "non-repudiation" can be considered a
>> contractual item.  So, for some purposes, it can be obtained even with
>> shared secret key technology for a class of disputes by a party
>> contractually agreeing that they can not dispute the signature.
>
>The term "non repudiation" must be used with great care. The ISO
>10181-4 document (called non repudiation Framework) starts with:
>"The goal of the non-repudiation service is to collect, maintain,
>make available and validate irrefutable evidence concerning a
>claimed event or action in order to solve disputes about the
>occurrence of the event or action".
>
>When public key technology and when no mandatory tamper resistant
>hardware token are used, this must remain true even if the signer's
>private key is compromised or declared compromised (and thus
>revoked) after a digital signature has been given. In practice,
>unless time stamping is used, the non repudiation property cannot be
>obtained.
>
>At the last meeting in Oslo I raised the question whether the coming
>document will address non repudiation and, at that time, the answer
>was no. Is the answer to that question still the same today ?
>
>Denis.
>
>
>> In any case, I think it is easiest for use to continue to use the term
>> and include a definition if we think it necessary for clarity.
>> 
>> Thanks,
>> Donald
>> 
>> From:  "Milton M. Anderson" <miltonma@gte.net>
>> Resent-Date:  Wed, 6 Oct 1999 10:30:42 -0400 (EDT)
>> Resent-Message-Id:  <199910061430.KAA17800@www19.w3.org>
>> Message-ID:  <010701bf1006$c11b4020$8c3bbfd1@computer>
>> To:  "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
>> Cc:  <w3c-ietf-xmldsig@w3.org>
>> Date:  Wed, 6 Oct 1999 10:15:30 -0400
>> 
>> >What the public key security model actually provides is
>> >that the signer can fairly successfully claim that other recipients
>> >of the document could not have forged the signer's signature.
>> >The signer can offer evidence that the keys were created under
>> >proper conditions using trusted key generation software, that
>> >the private signing key has been in hardware of an appropriate
>> >tamper resistance, that the hardware has been connected to
>> >a host which has been well-secured,
>> >that administrative controls over signing priviledges
>> >have been properly implemented and enforced, etc.
>> >
>> >What the public key security model doesn't
>> >provide very adequately is for the recipients of the
>> >document to prove against the signer's will that only the
>> >signer could have created the signature, since the signer
>> >can reasonably claim that the keys were generated improperly, that the
>> >private key was stored in an encrypted file under a guessable
>> >password, that hackers might have invaded the host and planted
>> >a trojan horse that created the signature, and that the
>> >whole system was haphazardly administered, etc.
>> >
>> >So the second property of non-repudiation can only be
>> >claimed in closed systems where there is an overall
>> >security system design and adminstrative framework
>> >that supports it.  It's not a property of public key cryptography
>> >per se.
>> >
>> >Unfortunately, the first property, which is more nearly a
>> >property of public key signatures, doesn't have a
>> >single-word name that I know of.
>> >
>> >Milt
>> >
>> >
>> >-----Original Message-----
>> >From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
>> >To: w3c-ietf-xmldsig@w3.org <w3c-ietf-xmldsig@w3.org>
>> >Date: Wednesday, October 06, 1999 8:55 AM
>> >Subject: Re: Non-repudiation
>> >
>> >
>> >>
>> >>Well, other people think it very important to distinguish the security
>> >>model provided by, for example, public key versus keyed hash.  One
>> >>difference in these models is normally called non-repudiation and in
>> >>technical documents such as this, that refers to the fact that you
>> >>either need the private key or need to have broken the cryptography to
>> >>forge a signture.   Having small glossary at the end of the document
>> >>and defining the term is fine.  But if you want it replaced, I think
>> >>you should provide a single word substitute that people could agreee
>> >>on as a replacement.
>> >>
>> >>Saying '"non-repudiation" is actually a marketing term!' doesn't
>> >>persuade me since marketers use and screw up essentially every word in
>> >>the language.
>> >>
>> >>Donald
>> >>
>> >>From:  "Chris Smithies" <Chris_Smithies@penop.com>
>> >>Resent-Date:  Wed, 6 Oct 1999 08:27:14 -0400 (EDT)
>> >>Resent-Message-Id:  <199910061227.IAA12816@www19.w3.org>
>> >>X-Lotus-FromDomain:  PENOP
>> >>To:  w3c-ietf-xmldsig@w3.org
>> >>Message-ID:  <85256802.0044BD01.00@penop.com>
>> >>Date:  Wed, 6 Oct 1999 13:35:15 +0100
>> >>
>> >>>I would strongly recommend that the term "non-repudiation" and its
>> >>>derivatives not appear in the draft. From a legal perspective it is seen as
>> >>>a hollow boast. The only thing that can't be _denied_ is that if a hash can
>> >>>be decrypted by K1, then it was encrypted by K2. But even allowing that the
>> >>>surrounding system is completely secure in all respects, it remains
>> >>>possible for the "appropriate user" of K2 to _repudiate_ a signature
>> >>>demonstrably signed by K2. Duress... mistake... deception...
>> >>>"non-repudiation" is actually a marketing term!
>> >>
>> >
>
Received on Tuesday, 12 October 1999 07:46:56 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT