Jon Callas wrote:
> Nonrepudiation is a somewhat daft belief. Let me give a
> gedankenexperiment. Suppose Alice phones up Bob and says, "Hey, Bob,
> I just noticed that you have a digital signature from me. Well, ummm, I
> didn't do it. I have no idea how that could have happened, but it
> wasn't me." Nonrepudiation is the belief that the probability that
> Alice is telling the truth is less than 2^{-128}, assuming a 3K RSA
> key or 256-bit ECDSA key either with SHA-256. Moreover, if that
> signature was made with an ECDSA-521 bit key and SHA-512, then the
> probability she's telling the truth goes down to 2^{-256}.

On Sun, 25 Dec 2011, Florian Weimer wrote:
> Those numbers aren't really important. In practice, Alice says, "my
> secretary signed those documents for me, without me actually knowing
> their contents".

There are other alternatives as well:

* Alice says "Yes, I clicked the 'sign' button, but the document on my
  screen didn't say 'transfer all my money to Bob', it said 'transfer
  my next month's rent to $landlord'. Hmm, just as I was clicking the
  'sign' button a bunch of stuff flashed up on the screen for a fraction
  of a second, then went away before I could read it. That kind of
  thing happens a lot with my computer these days. It's really
  irritating, isn't it? But on the positive side, look at these cute
  dancing bunnies I downloaded a few weeks ago."

* Alice says "Hey, Bob, I just noticed that you have a digital signature
  from me. Well, ummm, I didn't do it. I have no idea how that could
  have happened, but it wasn't me. I don't even know what a digital
  signature is, so I'm really really doubtful that I ever did one.
  Hey, look at these cute dancing bunnies I downloaded a few weeks ago."

In practice, a digital signature establishes a binding between some
piece of software which knows Alice's private key, and some bit-string
(a "document"). But the legal system wants a binding to Alice's
conscious intent, which is a *very* different thing.

--
-- "Jonathan Thornburg [remove -animal to reply]" <[email protected]>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                      -- quote by Freire / poster by Oxfam
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
