At 01:34 AM 12/24/2003 -0800, Ed Gerck wrote:
> However, IMO non-repudiation refers to a useful and
> essential cryptographic primitive. It does not mean the
> affirmation of a truth (which is authentication). It means
> the denial of a falsity -- such as:
>
> (1) the ability to prevent the effective denial of an act (in
> other words, denying the act becomes a falsity); or
>
> (2) the ability to prevent the denial of the origin or delivery
> of transactions.

so another way of looking at it ... is that somebody repudiates, refutes, and/or disavows ... typically after the fact.


non-repudiation would be those things that would support countering claims of repudiation, refuting, and/or disavowing.

authentication is typically demonstrating that an entity is allowed to do something. authentication can include having a passphrase that is known by everybody in the organization. knowing the passphrase is sufficient to authenticate that somebody is allowed to do something. however, if somebody refutes that they had done something .... showing that they knew the passphrase (known by everybody in the organization) isn't sufficient to counter the repudiation claim.

an infrastructure that requires a unique passphrase for every person would help counter repudiation claims

public/private asymmetric cryptography systems where the infrastructure requires that a single person only has access to a particular private key would help counter repudiation claims. In that sense .... public/private key system can be seen as addressing both privacy and non-repudiation issues. the policies governing the determination of private key in an asymmetric cryptography infrastructure can influence whether it pertains to just privacy and authentication and/or whether it can also be used to counter repudiation claims.
while making sure that one & only one person has knowledge of a specific private key, in no way impacts the asymmetric cryptography operations ... the process can be used to counter repudiation claims.


while repudiation tends to be a human act .... it is entirely possible to have infrastructure and organizational implementation features that support countering claims of repudiation when they occur.

say dozens of people know (the same) vault combination lock (authentication) .... which doesn't do anything to counter a particular person's claim that they didn't enter the vault,
however video surveillance and door badge access logs could be considered as part of security taxonomy for countering repudiation claims.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
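
The shared-passphrase versus unique-passphrase distinction drawn in the message above, as an added example that is not part of the original post. The principals, passphrases, log record and helper names are constructed for illustration, and HMAC-SHA256 stands in for "knowing the passphrase".

```python
import hashlib
import hmac

def tag(secret: bytes, record: bytes) -> str:
    """Authenticate a log record with a passphrase-keyed HMAC-SHA256 tag."""
    return hmac.new(secret, record, hashlib.sha256).hexdigest()

def possible_authors(credentials, record, record_tag):
    """Every principal whose passphrase reproduces record_tag for this record."""
    return {who for who, secret in credentials.items()
            if hmac.compare_digest(tag(secret, record), record_tag)}

def counters_repudiation(credentials, record, record_tag, accused):
    """True only when the accused is the single principal able to make the tag.

    Assumption: the verifier's own copy of the passphrases is not used to
    forge tags; the single-holder private key case in the post avoids
    needing that assumption.
    """
    return possible_authors(credentials, record, record_tag) == {accused}

# Constructed sample data (hypothetical names, passphrases and record).
SHARED = {name: b"vault-combination" for name in ("alice", "bob", "carol")}
UNIQUE = {"alice": b"alice-passphrase",
          "bob": b"bob-passphrase",
          "carol": b"carol-passphrase"}
RECORD = b"2003-12-24T01:34 vault opened"

def demo():
    """alice performs the act under each policy, then denies it."""
    results = {}
    for label, creds in (("shared", SHARED), ("unique", UNIQUE)):
        t = tag(creds["alice"], RECORD)
        authors = possible_authors(creds, RECORD, t)
        results[label] = (bool(authors),      # did the tag authenticate?
                          sorted(authors),    # who could have produced it?
                          counters_repudiation(creds, RECORD, t, "alice"))
    return results

if __name__ == "__main__":
    for label, (authenticated, authors, countered) in demo().items():
        print(label, authenticated, authors, countered)
```

Both policies authenticate the record; only the unique-passphrase policy narrows the set of possible authors to the one person denying the act.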


---------------------------------------------------------------------
The Cryptography Mailing List