- From: Joseph Hui <Joseph.Hui@exodus.net>
- Date: Thu, 9 May 2002 17:30:49 -0700
- To: "Mark Baker" <distobj@acm.org>
- Cc: <www-ws-arch@w3.org>

Mark,

The points presented in the article you referenced are well known facts for those who develop and deploy non-rep technologies: banks, institutional traders, etc. Some of the points it made actually reinforced the reqs for Key Management and Private Key guidelines.

Oh, the authors neglected to mention a non-PKI based remedy for a digital signature's shortfall they show: the challenge-response method used to prove the signer's sole possession of the private key at time of signing, e.g. Alice claims her private key was stolen, someone else forged her signature. (They were too busy bashing PKI, I guess. ;-)

Non-rep is a complicated subject indeed. For that reason I suggested during the F2F that it might not be likely to be tackled in the first phase of our deliverables (if the WG decided to take it on), keeping the time-to-market factor in mind.

Joe Hui
Exodus, a Cable & Wireless service
====================================================

> -----Original Message-----
> From: Mark Baker [mailto:distobj@acm.org]
> Sent: Thursday, May 09, 2002 4:15 PM
> To: Ahmed, Zahid
> Cc: www-ws-arch@w3.org
> Subject: Re: D-AR006.11 discussion points
>
>
> On Thu, May 09, 2002 at 01:16:45PM -0700, Ahmed, Zahid wrote:
> > I agree that auditing should not be included in the security
> > requirements.
>
> Agreed.
>
> I also might as well respond to Krishna here ...
>
> > From: Krishna Sankar [mailto:ksankar@cisco.com]
> [snip]
> > Non-repudiation is not a security function. Agreed, it is based on
> > primitives which security is also based on - like signatures and so on.
> > In fact non-repudiation is not only a technological issue but also a
> > legal issue. The pkix forum is having mile long discussions on this.
>
> Agreed. I said this in my ballot, and referenced Bruce Schneier's view
> on this topic;
>
> http://www.counterpane.com/insiderisks5.html
>
> MB
> --
> Mark Baker, Chief Science Officer, Planetfred, Inc.
> Ottawa, Ontario, CANADA. mbaker@planetfred.com
> http://www.markbaker.ca http://www.planetfred.com

Received on Thursday, 9 May 2002 20:30:36 UTC