Jerrold Leichter wrote:

> Now that we've trashed non-repudiation ...

Huh? Processes that can be conclusive are useful and do exist, I read here,
in the legal domain. It may not be so clear how such processes can exist in
the technical domain and that's why I'm posting ;-)

> just how is it different from authentication?

Using an information theory model, it's clear that authentication needs one
channel of information (e.g., the CA's public key, the password list) in addition
to the signal (e.g., a signed message, a username/password entry). Authentication
rests on the information channel being trusted (i.e., independently verifiable). In
this model, non-repudiation is different because it needs at least one additional
out-of-band signal (where authenticated absence of the signal is also effective).
BTW, that's why digital signatures per se are repudiable -- there's no second,
out-of-band signal.

An additional technical difference is that authentication promotes "strength of
evidence" while non-repudiation promotes "lack of repudiation of evidence".
The latter is intuitively recognized to be stronger because a single, effective
denial of an act can rebuke any number of strong affirmations.

This also means, intuitively, that another difference exists. Non-repudiation
should be harder to accomplish than authentication (you want more, you need
to pay more). However, to the extent that the process *can be* conclusive,
non-repudiation may be worth it. Imagine the added costs, time and hassle
(going back to a real-world comparison) if your bank had to call you
to confirm payment for every check you sign? This would be the case if
paying a check could not be cast as a conclusive process for the bank (i.e.,
without the possibility of an irrebuttable presumption of payability).
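The channel-counting model above (signal plus one trusted channel for authentication; at least one additional out-of-band signal for non-repudiation) can be made concrete in code. The following is an added example and not part of the original post: it builds a small Lamport one-time signature on `hashlib` as the "signal", takes the public key as the one trusted channel, and models the out-of-band signal as an assumed acknowledgement of the message digest that the signer delivered over a path independent of the signing key. The `Evidence` class, the `ack_channel` mapping and the sample message are all constructed for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(digest: bytes):
    # 256 message-digest bits, most significant bit first
    return [(digest[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]


def keygen():
    """Lamport one-time signature: 256 pairs of random secrets;
    the public key is the hash of every secret."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign(sk, msg: bytes):
    """Reveal one secret per digest bit. A Lamport key must not be reused
    for a second message; this example signs exactly one."""
    return [sk[i][b] for i, b in enumerate(_bits(H(msg)))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(s) == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _bits(H(msg)))))


@dataclass
class Evidence:
    """What a relying party holds about one act (constructed for this example)."""
    message: bytes
    signature: list
    out_of_band_ack: Optional[bytes] = None  # the second signal; may be absent


def authenticate(trusted_pk, ev: Evidence) -> bool:
    """Signal (signed message) + one trusted channel (the public key)."""
    return verify(trusted_pk, ev.message, ev.signature)


def non_repudiable(trusted_pk, ev: Evidence, ack_channel: dict) -> bool:
    """Authentication plus at least one independent out-of-band signal.

    ack_channel is an assumed model of what the second channel holds:
    digest -> acknowledgement token the signer delivered over a path that
    does not depend on the signing key.
    """
    if not authenticate(trusted_pk, ev):
        return False
    expected = ack_channel.get(H(ev.message))
    return expected is not None and ev.out_of_band_ack == expected


def demo():
    sk, pk = keygen()
    msg = b"constructed sample: pay 100 to Bob"
    # A second holder of the same private key is the situation a signer
    # invokes when repudiating ("someone else had my key"). Both copies
    # produce the identical signature, so the signature alone cannot say
    # which holder acted.
    sig_by_signer = sign(sk, msg)
    sig_by_copy = sign(list(sk), msg)
    # Out-of-band channel (assumed): the signer separately acknowledged this digest.
    ack = secrets.token_bytes(16)
    channel = {H(msg): ack}
    ev_signer = Evidence(msg, sig_by_signer, ack)
    ev_copy = Evidence(msg, sig_by_copy)  # key copy holder never sent the ack
    return {
        "sig_identical": sig_by_signer == sig_by_copy,
        "auth_signer": authenticate(pk, ev_signer),
        "auth_copy": authenticate(pk, ev_copy),
        "nr_signer": non_repudiable(pk, ev_signer, channel),
        "nr_copy": non_repudiable(pk, ev_copy, channel),
    }


if __name__ == "__main__":
    print(demo())
```

Run as a script, `demo()` reports that both evidence records authenticate (one channel suffices) while only the record carrying the out-of-band acknowledgement passes the non-repudiation check, which is the extra channel the post says a bare digital signature lacks.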

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]