- From: Richard D. Brown <rdbrown@GlobeSet.com>
- Date: Wed, 21 Apr 1999 19:08:18 -0500
- To: "'Paul Lambert'" <plambert@certicom.com>, <w3c-xml-sig-ws@w3.org>
Paul, > > In particular, a keyed hash will never be able to support > non-repudiation. > Not quite true. It has been already demonstrated that some symmetric authentication schemes can provide the necessary foundation to non-repudiation - for example H(S,K,M) in secure hardware with S being a unique signer's identifier sealed in the token, K a shared secret also sealed in the token, and M a representation of the document could be satisfactory. More sophisticated schemes can be built with key-exchange algorithms (i.e. Diffie-Hellman). > The trust considerations for a shared key mechanism are not the > same as public key signed mechanisms. Correct though usage of a public key signature scheme does not imply trust per se. Adopting a public key signature scheme only allows signature verifiability without having to disclose the signing secret. Trust is bound to the production by a truted third-party of a credential that binds the signature verification key with a set of attributes. Trust is only propagated by the credential and not intrinsic to the use of public keys. For WPR exchanges, symmetric key is often sufficient - non-repudiation is not always necessary or can be achieved without making use of a "mechanic with strong mathematical foundations." Many times in the past, courts have ruled in favor of well-defined and well-documented business processes though not founded upon mathematical concepts. In fact, a symmetric authentication scheme with an adequate audit-trail and well-defined processes may stand stronger than a public-key signature scheme with inadequate protection of the private-key or an obvious lack of scrutany when establishing credentials. Sincerely, Richard D. Brown
Received on Wednesday, 21 April 1999 20:07:48 UTC