RE: D-AR006.6 [ Was: RE: D-AR006.11 discussion points]

Mark,

The points presented in the article you referenced are
well-known facts for those who develop and deploy
non-rep technologies: banks, institutional traders, etc.

Some of the points it made actually reinforced the reqs for
Key Management and Private Key guidelines.

Oh, the authors neglected to mention a non-PKI-based remedy
for a digital signature's shortfall they show: the challenge-response
method used to prove the signer's sole possession of the
private key at time of signing, e.g. Alice claims her
private key was stolen, someone else forged her signature.
(They were too busy bashing PKI, I guess. ;-)

Non-rep is a complicated subject indeed.  For that reason
I suggested during the F2F that it might not likely be
tackled in the first phase of our deliverables (if the WG
decided to take it on), keeping the time-to-market factor
in mind.

Joe Hui
Exodus, a Cable & Wireless service
====================================================
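The challenge-response idea mentioned above, as an added illustration that is not code from this thread or from any WG deliverable: a relying party issues a fresh random nonce, the signer signs hash(document)||nonce, and the relying party records the nonce's issue time as evidence that whoever held the private key answered at that moment, so a later "my key was stolen" claim can be checked against that record. The Challenger type, Respond and Accept are assumed names, and Ed25519 stands in for whatever signature scheme is actually deployed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"time"
)

// Challenger is the relying party (e.g. a bank) that issues one nonce per signing
// and keeps the evidence record. Assumed design, not taken from the thread.
type Challenger struct {
	issued map[string]time.Time // hex(nonce) -> time it was issued
	used   map[string]bool      // nonces that have already been answered
}

func NewChallenger() *Challenger {
	return &Challenger{issued: map[string]time.Time{}, used: map[string]bool{}}
}

// IssueChallenge hands the signer a random 16-byte nonce and records when.
func (c *Challenger) IssueChallenge(now time.Time) ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c.issued[hex.EncodeToString(nonce)] = now
	return nonce, nil
}

// signingInput binds the document hash to the nonce, so the signature
// cannot have been produced before the challenge was issued.
func signingInput(doc, nonce []byte) []byte {
	h := sha256.Sum256(doc)
	return append(h[:], nonce...)
}

// Respond is the signer's side: sign hash(doc)||nonce with the private key.
func Respond(priv ed25519.PrivateKey, doc, nonce []byte) []byte {
	return ed25519.Sign(priv, signingInput(doc, nonce))
}

// Accept checks the response against the challenge record and returns the
// nonce's issue time: the evidence of when that private key was in use.
func (c *Challenger) Accept(pub ed25519.PublicKey, doc, nonce, sig []byte) (time.Time, error) {
	key := hex.EncodeToString(nonce)
	issuedAt, ok := c.issued[key]
	if !ok {
		return time.Time{}, errors.New("nonce never issued: signature not bound to a challenge")
	}
	if c.used[key] {
		return time.Time{}, errors.New("nonce already answered: replay")
	}
	if !ed25519.Verify(pub, signingInput(doc, nonce), sig) {
		return time.Time{}, errors.New("signature does not verify")
	}
	c.used[key] = true
	return issuedAt, nil
}
```

A signature presented without a recorded nonce, a replayed nonce, or a signature over a different document is rejected, which is exactly the evidence gap a plain detached signature leaves open.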

> -----Original Message-----
> From: Mark Baker [mailto:distobj@acm.org]
> Sent: Thursday, May 09, 2002 4:15 PM
> To: Ahmed, Zahid
> Cc: www-ws-arch@w3.org
> Subject: Re: D-AR006.11 discussion points
> 
> 
> On Thu, May 09, 2002 at 01:16:45PM -0700, Ahmed, Zahid wrote:
> > I agree that auditing should not be included in the security
> > requirements.
> 
> Agreed.
> 
> I also might as well respond to Krishna here ...
> 
> > From: Krishna Sankar [mailto:ksankar@cisco.com]
> [snip]
> > Non-repudiation is not a security function. Agreed, it is based on
> > primitives which security is also based on - like signatures and so on.
> > In fact non-repudiation is not only a technological issue but also a
> > legal issue. The pkix forum is having mile long discussions on this.
> 
> Agreed.  I said this in my ballot, and referenced Bruce Schneier's view
> on this topic;
> 
> http://www.counterpane.com/insiderisks5.html
> 
> MB
> -- 
> Mark Baker, Chief Science Officer, Planetfred, Inc.
> Ottawa, Ontario, CANADA.      mbaker@planetfred.com
> http://www.markbaker.ca   http://www.planetfred.com

Received on Thursday, 9 May 2002 20:30:36 UTC