- From: John Boyer <jboyer@uwi.com>
- Date: Thu, 21 Oct 1999 10:23:07 -0700
- To: "DSig Group" <w3c-ietf-xmldsig@w3.org>
The question came up in today's telecon about what to call the property of public key systems that the signer is identified by virtue of being the only one (technically speaking) who could have created a signature since the signature creation requires the individual's private key. It was suggested that the term 'technical non-repudiation' be used. I don't have anything against the term, but the term being used by the ABA is signer authentication. Using this latter term was refuted based on the fact that non-public-key systems can perform signer authentication based on the trust systems in place. I don't understand why we must differentiate between signer authentication performed by public key systems versus signer authentication performed by other systems. The reason I question this is that public key systems seem to be no different from other systems with respect to the need for establishing a trust mechanism. Public key systems are only secure to the extent that we trust the mechanism which delivers the public key to the verification step. This is the raison d'etre for PKIs and CAs. Hence, signer authentication requires the establishment of a trust system even for public key systems. Thanks, John Boyer Software Development Manager UWI.Com -- The Internet Forms Company
Received on Thursday, 21 October 1999 13:22:58 UTC