-----Original Message----- From: COSE <[email protected]> On Behalf Of Carsten Bormann Sent: Friday, November 22, 2019 6:40 AM To: John Mattsson <[email protected]> Cc: [email protected] Subject: Re: [COSE] Comments on draft-ietf-cose-rfc8152bis-struct-07 and draft-ietf-cose-rfc8152bis-algs-06
On Nov 22, 2019, at 06:27, John Mattsson <[email protected]> wrote: > > Could we replace "data origination" with "non-repudiation"? Preferably not. [JLS] No really, really not. If you want the thing that often is identified incorrectly by the latter, please use a more precise term such as “third party verifiability”. Non-repudation is a legal term. [JLS] Non-repudiation is not a legal term. Repudiation is a legal term. There is no such thing as non-repudiation, just a legal argument that you can or cannot repudiate something. I repudiate this signature because Carsten was holding a gun to my head when I made it. That is a repudiate argument and not the reverse. Non-repudiation originally had some really weird ideas around having a technological way of proving things like: It was proven that the key was in my possession. It was proven that only I could have made the signature. I knew what I was signing a the time. That is things that cannot be shown. Jim Provenance is often a term used for the former. BTW, the text might be easier to read when constructs such as “bistro”, oops, “bstr”, are replaced by “byte string” outside of the CDDL (where byte strings are indeed called “buster”, oops, “bstr”, or also simply “bytes”). In the previous sentence, for demonstration, I left in the autocorrects as they actually happened :-) Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
