Marsh Ray <[email protected]> writes:

> Originally, public key systems were said to deliver this property of
> 'nonrepudiation', meaning a digital signature could effectively authenticate
> the intent of the party associated with the private key.
Uhh, they were never said to deliver this property by anyone who knew anything about law, they were simply declared to have it by mathematicians and standards committees: The term "repudiation" has a specific legal meaning but this has nothing to do with the use of the term in certificates, and there seems to have been little to no input from lawyers into the PKI standards that were meant to be used for digital signatures (it's always amusing watching heated arguments in standards groups over what both sides think that lawyers might advise if they actually asked them). In particular, disabusing geeks of the notion that what's referred to in crypto/PKI theory as nonrepudiation actually means anything in a real-world legal context is really, really hard. Geeks really want to believe in the magic of cryptography.

In recognition of this, X.509 some years ago stopped even pretending that digital signatures provided nonrepudiation. The certificate flag that used to be nonRepudiation is now called contentCommitment to indicate it's for a long-term signature, while digitalSignature is for a short-term signature like authenticating for an online service. (There's a lot more to the NR/CC saga than that, very few implementers seem to have got the memo about NR = CC and everyone just uses digitalSignature for everything, see the "magic of cryptography" comment in the excerpt above).

Peter.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
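As an added example (not code from the post or from the mailing list), here is how a relying party can decode the X.509 keyUsage bits and tell the two purposes Peter describes apart; the bit layout follows RFC 5280, and the sample DER values are constructed, not taken from any real certificate.

```python
# Added example (not from the original post): decode an X.509 keyUsage
# extension value (a DER BIT STRING, RFC 5280 section 4.2.1.3) and apply
# the long-term vs. short-term signature policy the post describes.

# Bit positions from RFC 5280; bit 1 was nonRepudiation, now contentCommitment.
KEY_USAGE_BITS = [
    "digitalSignature",   # 0: short-term signatures, e.g. online authentication
    "contentCommitment",  # 1: formerly nonRepudiation; long-term signatures
    "keyEncipherment",    # 2
    "dataEncipherment",   # 3
    "keyAgreement",       # 4
    "keyCertSign",        # 5
    "cRLSign",            # 6
    "encipherOnly",       # 7
    "decipherOnly",       # 8
]

def decode_key_usage(der: bytes) -> set:
    """Decode a DER-encoded keyUsage BIT STRING into a set of flag names."""
    if len(der) < 3 or der[0] != 0x03:            # tag 0x03 = BIT STRING
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:   # short-form length only
        raise ValueError("bad DER length")
    unused = der[2]                                # unused bits in last octet
    if unused > 7 or (length == 1 and unused != 0):
        raise ValueError("bad unused-bit count")
    payload = der[3:]
    nbits = len(payload) * 8 - unused
    flags = set()
    for i in range(min(nbits, len(KEY_USAGE_BITS))):
        if payload[i // 8] & (0x80 >> (i % 8)):   # bit 0 is the MSB of octet 0
            flags.add(KEY_USAGE_BITS[i])
    return flags

def signature_purposes(der: bytes) -> dict:
    """Which signature purposes a certificate's keyUsage actually permits."""
    flags = decode_key_usage(der)
    return {
        "short_term_auth": "digitalSignature" in flags,
        "long_term_commitment": "contentCommitment" in flags,
    }

# Constructed sample values (not from any real certificate):
#   03 02 05 c0 -> digitalSignature + contentCommitment
#   03 02 07 80 -> digitalSignature only (the "everything" cert the post mentions)
DS_AND_CC = bytes.fromhex("030205c0")
DS_ONLY = bytes.fromhex("03020780")
```

A verifier accepting a long-term signature would check `long_term_commitment`, not merely `short_term_auth`; a certificate with only digitalSignature set does not claim content commitment.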
