Jerrold Leichter wrote:
> Now that we've trashed non-repudiation ...
Huh? Processes that can be conclusive are useful and do exist, I read here,
in the legal domain. It may not be so clear how such processes can exist in
the technical domain and that's why I'm posting ;-)
> just how is it different from authentication?
Using an information theory model, it's clear that authentication needs one
channel of information (e.g., the CA's public key, the password list) in addition
to the signal (e.g., a signed message, a username/password entry). Authentication
rests on the information channel being trusted (i.e., independently verifiable). In
this model, non-repudiation is different because it needs at least one additional
out-of-band signal (where authenticated absence of the signal is also effective).
BTW, that's why digital signatures per se are repudiable -- there's no second,
An additional technical difference is that authentication promotes "strength of
evidence" while non-repudiation promotes "lack of repudiation of evidence".
The latter is intuitively recognized to be stronger because a single, effective
denial of an act can rebuke any number of strong affirmations.
This also means, intuitively, that another difference exists. Non-repudiation
should be harder to accomplish than authentication (you want more, you need
to pay more). However, to the extent that the process *can be* conclusive,
non-repudiation may be worth it. Imagine the added costs, time and hassle
(going back to a real-world comparison) if your bank would have to call you
to confirm payment for every check you sign? This would be the case if
paying a check could not be cast as a conclusive process for the bank (i.e.,
without the possibility of an irrebuttable presumption of payability).
In the UK, but not in other countries, there is a statutory rule which prevents a bank from debiting a customer's account with a forged cheque (if you will forgive the British spelling), with only very limited exceptions. If the customer repudiates a signature, it is for the bank to prove the genuineness of the signature, or suffer the loss.
My bank has once or twice telephoned to check the genuineness of an unusual transaction, though this over a period of many years.
This is not to disagree with your comments, but to observe that existing paper systems can work satisfactorily without non-repudiation rules. There are obvious advantages to some parties in such systems if it adopts a non-repudiation rule, probably matched with corresponding disadvantages for others. The change from paper to electronic systems of course also alters the balance of risks and the approach of banks to non-repudiation rules.
I and colleagues have written about this at:
Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF