Carl and Ben have rubbished "non-repudiation" without defining what they mean, making it rather difficult to respond.
I define it quite carefully in my paper, which I pointed to.
Now, presumably, they mean the first, in that it is a rather hard problem to take the cryptographic property of public keys and then bootstrap that into some form of property that reliably stands in court.
But, whilst challenging, it is possible to achieve legal non-repudiability, depending on your careful use of assumptions. Whether that is a sensible thing or a nice depends on the circumstances ... (e.g., the game that banks play with pin codes).
Actually, it's very easy to achieve legal non-repudiability. You pass a law saying that whatever-it-is is non-repudiable. I also cite an example of this in my paper (electronic VAT returns are non-repudiable, IIRC).
So, as a point of clarification, are we saying that "non-repudiability" is ONLY the first of the above meanings? And if so, what do we call the second? Or, what is the definition here?
From where I sit, it is better to term these as "legal non-repudiability" or "cryptographic non-repudiability" so as to reduce confusion.
Read my paper (it was co-authored with a lawyer, so I believe we've got both the crypto and legal versions covered).
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff