Carl Ellison wrote:

> > From where I sit, it is better to term these
> > as "legal non-repudiability" or "cryptographic
> > non-repudiability" so as to reduce confusion.
>
> To me, "repudiation" is the action only of a human being (not of a key) and
> therefore there is no such thing as "cryptographic non-repudiability".

Ah. Now I understand. The verb is wrong, as it necessarily implies the
act of the human who is accused of the act. (And, thus, my claim that
it is possible, was also wrong.)

Whereas the cryptographic property implies no such thing, and a
cryptographic actor can only affirm or not, not repudiate. I.e., it's
a meaningless term.

> We
> need a different, more precise term for that -

Would "irrefutable" be a better term? Or non-refutability, if one
desires to preserve the N?

The advantage of this verb is that it has no actor involved, and
evidence can be refuted on its own merits, as it were.

As a test, if one were to replace repudiate with refute in the ISO
definition, would it then stand?

> and we need to rid our
> literature and conversation of any reference to the former - except to
> strongly discredit it if/when it ever appears again.

I think more is needed. A better definition is required, as absence is
too easy to ignore. People and courts will use what they have
available, so it is necessary to do more; indeed it is necessary to
actively replace that term with another.

Generally, the way the legal people work is to create simple "tests".
Such as:

  A Document was signed by a private key if:

  1. The signature is verifiable by the public key,
  2. the public key is paired with the private key,
  3. the signature is over a cryptographically strong message digest,
  4. the Message Digest was over the Document.

Now, this would lead to a definition of irrefutable evidence. How such
evidence would be used would be of course dependent on the
circumstances; it then becomes a further challenge to tie a human's
action to that act / event.

iang

PS: Doing a bit of googling, I found the ISO definition to be
something like:

http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/1999OctDec/0149.html

>> >... The ISO
>> >10181-4 document (called non repudiation Framework) starts with:
>> >"The goal of the non-repudiation service is to collect, maintain,
>> >make available and validate irrefutable evidence concerning a
>> >claimed event or action in order to solve disputes about the
>> >occurrence of the event or action".

But, the actual standard costs money (!?) so it is not surprising that
it is the subject of much controversy :)
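
The four-part test in the message above, evaluated clause by clause over an evidence record; it establishes what a key did and says nothing about which human acted. This is an added example, not part of the original message: the toy key (two Mersenne primes, textbook RSA without padding), the record layout and the set of digests treated as strong are assumptions for illustration.

```python
import hashlib

# Constructed toy key: two Mersenne primes, textbook RSA with no padding.
# Illustration only; real signatures need a padded scheme and a generated key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

KNOWN_DIGESTS = {"sha1", "sha256", "sha384", "sha512"}
STRONG_DIGESTS = KNOWN_DIGESTS - {"sha1"}   # assumption: what counts as "strong"

def sign(document, digest_name="sha256", priv=(N, D)):
    """Produce the evidence record: digest name, digest, signature over the digest."""
    n, d = priv
    digest = hashlib.new(digest_name, document).digest()
    return {"digest_name": digest_name, "digest": digest,
            "signature": pow(int.from_bytes(digest, "big"), d, n)}

def keys_paired(pub, priv):
    """Clause 2: a probe signed with the private key verifies under the public key."""
    (n, e), (n2, d) = pub, priv
    probe = int.from_bytes(hashlib.sha256(b"pairing probe").digest(), "big")
    return n == n2 and pow(pow(probe, d, n), e, n) == probe

def four_part_test(document, evidence, pub, priv):
    """Return the outcome of each numbered clause of the test, independently."""
    n, e = pub
    name = evidence["digest_name"]
    claimed = int.from_bytes(evidence["digest"], "big")
    return {
        1: pow(evidence["signature"], e, n) == claimed,   # signature verifies
        2: keys_paired(pub, priv),                        # key pair matches
        3: name in STRONG_DIGESTS,                        # digest is strong
        4: name in KNOWN_DIGESTS                          # digest covers the document
           and hashlib.new(name, document).digest() == evidence["digest"],
    }

if __name__ == "__main__":
    doc = b"constructed sample document"
    ev = sign(doc)
    print(four_part_test(doc, ev, (N, E), (N, D)))            # all clauses hold
    print(four_part_test(doc + b"!", ev, (N, E), (N, D)))     # clause 4 fails
```

Reporting the clauses separately shows which part of the evidence fails: an altered document breaks only clause 4, a weak digest only clause 3.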