> -----Original Message----- > From: Andrew McNaughton [mailto:[EMAIL PROTECTED]] > Sent: 06 May 2002 16:55 > To: [EMAIL PROTECTED] > Subject: Repudiability > > > > Suppose someone refutes that they have sent information to a Web site > owner, how is the Web site owner to prove that the information was in > fact received and that it was signed with a given key? > > To do this, the Web site owner would presumably need to be > able to produce > the still-encrypted post as sent by the user, but from a > quickish reading > of the mod_ssl reference, I don't see any way to log this information. > > Andrew McNaughton
Provided you know the time of the transaction, the web server logs will give you details of the IP address all the web transactions are coming from. You can find who owns this IP address via the Ripe (www.ripe.net), Arin (www.arin.net) or Apnic (www.apnic.net) websites. >From this you can find which ISP this address belongs to, and that ISP can verify who was using that IP address at the time. How much assistance you receive from each ISP will vary. That may give you sufficient information to press a case against the person who alleges they didn't access your website, but IANAL. I'm not sure what you mean about information being signed with a given key. Do you mean a personal key like a digital signature, or do you mean the SSL key? - John Airey Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] The teaching of evolution as a proven fact rather than a theory has done more harm to scientific progress than anything else in history. - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
