Ben Laurie wrote:
> Ian Grigg wrote:
> > Carl and Ben have rubbished "non-repudiation"
> > without defining what they mean, making it
> > rather difficult to respond.
> I define it quite carefully in my paper, which I pointed to.

Ah.  I did read your paper, but deferred any comment
on it, in part because I didn't understand what its
draft/publication status was.

Ben Laurie said:
> Probably because non-repudiation is a stupid idea:

You didn't state which of the two definitions
you were rubbishing, so I shall respond to both!

Let's take the first definition - your "technical
definition" (2.7):

  "Non-repudiation", in its technical sense, is a property of a communications
  system such that the system attributes the sending of a message to a person
  if, but only if, he did in fact send it, and records a person as having received
  a message if, but only if, he did in fact receive it. If such systems exist at all,
  they are very rare.

  Non-repudiability is often claimed to be a property of electronic signatures of
  the kind described above. This claim is unintelligible if "non-repudiation" is
  used in its correct technical sense, and in fact represents an attempt to confer a
  bogus technical respectability on the purely commercial assertion the the owners
  of private keys should be made responsible for their use, whoever in fact uses

Some comments.

1. This definition seems to be only one of the many
out there [1].  The use of the term "correct technical
sense" then would be meaningless as well as brave
without some support of references.  Although it does
suffice to ground the use within the paper.

2. The definition is muddied by including the attack
inside the definition.  The attack on the definition would
fit better in section 6. "Is \non-repudiation" a useful

3. Nothing in either the definition 2.7 or the proper
section of 6. tells us above why the claim is "unintelligable".

To find this, we have to go back to Carl's comment
which gets to the nub of the legal and literal meaning
of the term:

    "To me, "repudiation" is the action only of a human being (not of a key)..."

Repudiate can only be done by a human [2].  A key cannot
repudiate, nor can a system of technical capabilities [3].
(Imagine here, a debate on how to tie the human to the

That is, it is an agency problem, and unless clearly
cast in those terms, for which there exists a strong
literature, no strong foundation can be made of any
conclusions [4].

4. The discussion resigns itself to being somewhat
dismissive, by leaving open the possibility that
there are alternative possibilities.  There is
a name for this fallacy, stating the general and
showing only the specific, but I forget its name.

In the first para, 2.7, it states that "If such systems
exist at all, they are very rare."  Thus, allowing
for existance.  Yet in the second para, one context
is left as "unintelligable."  In section 6, again,
"most discussions ... are more confusing than helpful."

This hole is created, IMHO, by the absence of Carl's
killer argument in 3. above.  Only once it is possible
to move on from the fallacy embodied in the term
repudiation itself, is it possible to start considering
what is "good" and useful about the irrefutability (or
otherwise) of a digital signature [5].

I.e., throwing out the bathwater is a fine and regular
thing to do.  Let's now start looking for the baby.

> > But, whilst challenging, it is possible to
> > achieve legal non-repudiability, depending
> > on your careful use of assumptions.  Whether
> > that is a sensible thing or a nice depends
> > on the circumstances ... (e.g., the game that
> > banks play with pin codes).
> Actually, its very easy to achieve legal non-repudiability. You pass a
> law saying that whatever-it-is is non-repudiable. I also cite an example
> of this in my paper (electronic VAT returns are non-repudiable, IIRC).

Which brings us to your second definition, again,
in 2.7:

    To lawyers, non-repudiation was not a technical legal term before techies gave
    it to them. Legally it refers to a rule which defines circumstances in which a
    person is treated for legal purposes as having sent a message, whether in fact
    he did or not, or is treated as having received a message, whether in fact he
    did or not. Its legal meaning is thus almost exactly the opposite of its technical

I am not sure that I'd agree that the legal
fraternity thinks in the terms outlined in the
second sentance.  I'd be surprised if the legal
fraternity said any more than "what you are
trying to say is perhaps best seen by these
sorts of rules..."

Much of law already duplicates what is implied
above, anyway, which makes one wonder (a) what
is the difference between the above and the
rules of evidence and presumption, etc, etc
and (b) why did the legal fraternity adopt
the techies' term with such abandon that they
didn't bother to define it?

In practice, the process of dispute resolution is
very strongly oriented towards addressing evidence
and moving it to a supported conclusion.  A
digital signature is evidence, and conclusions
can be supported based on that evidence;  what
we techies should perhaps draw from this is
that our efforts to define any new terms and any
new procedures are childish in comparison to the
logic and procedures developed in the forum of
the law over the last few millenia.

Next para:

    Such a rule may be imposed by law, as for example this rule:

       The person making the return to the Controller
       shall be presumed to be the person identifed as
       such by any relevant feature of the electronic
       return system.[2]

I disagree [6].  That clause creates a presumption.
Nothing in the clause states that this cannot be
repudiated.  In fact, careful examination of the
preceeding clause concerning the time of the return
indicates that "conclusive presumption" was preferred
in this alternate time context.  Thus, repudiation
of the party is anticipated, and repudiation of the
time is "ruled against" [7].

Further, repudiation as a word or concept does not
appear in that act.  What happens is that the act
ties down the event of the return;  it does not
state that the return cannot be repudiated (although
I grant that might occur elsewhere).  In Section
(4L)(a) it specifically raises a case of potential

The second (surveyors) clause/example is the same -
it creates a presumption that can always be repudiated.
In practice, the repudiation is an uncertain thing, as
is all repudiations.  But, it is not possible to
conclude, AFAIK, in law, that the clause is non-
repudiable, simply because it states so.

Which all leads to this:  I don't think you have
nailed down any legal definition of non-repudiability.
Or, if that is what it is, the legal fraternity also
knows that the techies' definition is a chimera, a
mere hope on which to attach the use of dig sigs, in
which case, this logic needs to be explained within
the paper - that the definition doesn't exist.

In essence, I can imagine a lawyer saying "yes,
we already do what you are aiming for (presumption),
but, your technical non-repudiability is impossible
under the law because the law doesn't think in those

Nor does the paper nail why it doesn't make sense.
It omits the killer argument that the process of
the dispute resolution moves from evidence to
application of law to ruling;  a statement of
non-repudiability is meaningless in that context.
(A lawyer would need to make this argument more
carefully - I am not such and am conscious that I
also haven't nailed it myself :)

> Read my paper (it was co-authored with a lawyer, so I believe we've got
> both the crypto and legal versions covered).

I note the English & Wales legal context.  If there
is a law that covers non-repudiation, by technical
means, that would definately effect the nature of
the discussion.


[1] ref: Lynn's post that pointed at the ISO SC27

       1.To reject the validity or authority
         of: "Chaucer... not only came to
         doubt the worth of his
         extraordinary body of work, but
         repudiated it" (Joyce Carol
       2.To reject emphatically as
         unfounded, untrue, or unjust:
         repudiated the accusation. 
       3.To refuse to recognize or pay:
         repudiate a debt. 
             a.To disown (a child, for
             b.To refuse to have any
                dealings with.

For most relevance, examine 3., 4.a.

[3] This is in part an assumption, as I am assuming
here that AI and similar things cannot enter
into contracts, or, if they do so, they are
then persons, and thus the model stands.  We
can test this by determining as to whether
these "new persons" can take standing in a
forum of dispute resolution.  Lawyers might
like to comment on that, and as I say, it's
an assumption!

[4] Agency problems are ones where a principal
delegates powers to an agent, and those powers
are used or abused according to the incentives
and circumstances.  Canonically, a shop owner
employs an assistant to mind the counter;  does
the money taken in by sales made by the assistant
go into his pocket, or her cashbox?

[5] Irrefutability I proposed in an earlier
email, and as yet lacks any credibility.

[6] Link reproduced:

[7] ruled against more firmly, perhaps.  There
is nothing stopping a repudiation of the time,
and presenting the reasons to the judge.  That's
part of the process.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to