Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-03-31 Thread Nicholas Bohm
At 11:42 07/01/2004 -0800, Ed Gerck wrote: Jerrold Leichter wrote: > Now that we've trashed non-repudiation ... Huh? Processes that can be conclusive are useful and do exist, I read here, in the legal domain. It may not be so clear how such processes can exist in the technical domain and that's wh

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-09 Thread Arnold G. Reinhold
I did a Google search on "irrebuttable presumption" and found a lot of interesting material. One research report on the State of Connecticut web site http://www.cga.state.ct.us/2003/olrdata/ph/rpt/2003-R-0422.htm says: "The Connecticut Supreme Court and the U. S. Supreme Court have held that i

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-09 Thread John Lowry
"Anton Stiglic" <[EMAIL PROTECTED]> wrote: > > - Original Message - > From: "Jerrold Leichter" <[EMAIL PROTECTED]> > Cc: "Cryptography" <[EMAIL PROTECTED]> > Sent: Wednesday, January 07, 2004 7:14 AM > Subject: Re: [Fwd: Re:

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-09 Thread Ian Grigg
Ed Gerck wrote: > Likewise, in a communication process, when repudiation of an act by a party is > anticipated, some system security designers find it useful to define > "non-repudiation" > as a service that prevents the effective denial of an act. Thus, lawyers should > not squirm when we feel

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-09 Thread Ed Gerck
Jerrold Leichter wrote: > Now that we've trashed non-repudiation ... Huh? Processes that can be conclusive are useful and do exist, I read here, in the legal domain. It may not be so clear how such processes can exist in the technical domain and that's why I'm posting ;-) > just how is it differ

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-09 Thread Jerrold Leichter
| Non-repudiation applied to digital signatures implies that the definition | states that only one person possibly had possession of the private signing | key and was conscious about the fact that it was used to sign something. There is absolutely *no* cryptographic or mathematical content to this

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-09 Thread Anne & Lynn Wheeler
At 10:14 AM 1/7/2004 -0500, Jerrold Leichter wrote: Now that we've trashed non-repudiation ... just how is it different from authentication? In both cases, there is a clear technical meaning (though as with anything in mathematics, when you get right down to it, the details are complex and may be

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-08 Thread Anton Stiglic
- Original Message - From: "Jerrold Leichter" <[EMAIL PROTECTED]> Cc: "Cryptography" <[EMAIL PROTECTED]> Sent: Wednesday, January 07, 2004 7:14 AM Subject: Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)] > Now that we've trashed non-

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-07 Thread Jerrold Leichter
Now that we've trashed non-repudiation ... just how is it different from authentication? In both cases, there is a clear technical meaning (though as with anything in mathematics, when you get right down to it, the details are complex and may be important): To produce an authenticator/non-repudia

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-07 Thread Ed Gerck
> In business, when repudiation of an act is anticipated we're reminded by Nicholas Bohm (whose clear thinking I know and appreciate for 6 years) that some lawyers find it useful to define "irrebuttable presumptions" -- a technique known to the law and capable of being instantiated in statute or

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-07 Thread Ben Laurie
Ian Grigg wrote: Which leaves the issue of what we call the property that differentiates a private key signature from a MAC or MD? A private key signature can only be produced by the holder of the private key, and can be verified by anyone (who has the public key). That is, it is asymmetric, just

Re: [Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-04 Thread Ian Grigg
Ben Laurie wrote: > > My co-author (a lawyer) responds in detail to Ian Grigg's criticisms. Thanks for that! As I'm not clear whether the status of the paper is searching of (more, further) detailed criticisms, I've not commented directly on Mr Bohm's remarks. For the most part, we are in agre

Re: Non-repudiation (was RE: The PAIN mnemonic)

2004-01-02 Thread John Kelsey
At 06:24 PM 12/23/03 -0700, Richard Johnson wrote: ... In my experience, the terminology has more often been "confidentiality, integrity, and authentication". Call it CIA if you need an acronym easy to memorize, if only due to its ironic similarity with that for the name of a certain US government

[Fwd: Re: Non-repudiation (was RE: The PAIN mnemonic)]

2004-01-02 Thread Ben Laurie
My co-author (a lawyer) responds in detail to Ian Grigg's criticisms. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --- Begin Message --- A

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-30 Thread Amir Herzberg
At 18:02 29/12/2003, Ben Laurie wrote: Amir Herzberg wrote: ... specifications, I use `non-repudiation` terms for some of the requirements. For example, the intuitive phrasing of the Non-Repudiation of Origin (NRO) requirement is: if any party outputs an evidence evid s.t. valid(agreement, evid,

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-29 Thread Ben Laurie
Amir Herzberg wrote: At 04:20 25/12/2003, Carl Ellison wrote: ... If you want to use cryptography for e-commerce, then IMHO you need a contract signed on paper, enforced by normal contract law, in which one party lists the hash of his public key (or the whole public key) and says that s/h

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-29 Thread Ben Laurie
Carl Ellison wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Kelm Sent: Tuesday, December 23, 2003 1:44 AM To: [EMAIL PROTECTED] Subject: Re: Non-repudiation (was RE: The PAIN mnemonic) Ah. That's why they're trying to

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-29 Thread Ben Laurie
Carl Ellison wrote: If you want to use cryptography for e-commerce, then IMHO you need a contract signed on paper, enforced by normal contract law, in which one party lists the hash of his public key (or the whole public key) and says that s/he accepts liability for any digitally signed sta

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-29 Thread Ben Laurie
Amir Herzberg wrote: Ian proposes below two draft-definitions for non-repudiation - legal and technical. Lynn also sent us a bunch of definitions. Let's focus on the technical/crypto one for now - after all this is a crypto forum (I agree the legal one is also somewhat relevant to this forum).

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Peter Gutmann
"Carl Ellison" <[EMAIL PROTECTED]> writes: >>Ah. That's why they're trying to rename the corresponding keyUsage bit >>to "contentCommitment" then: > >Maybe, but that page defines it as: > >contentCommitment: for verifying digital signatures which are intended to >signal that the signer is committi

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Anne & Lynn Wheeler
At 01:34 AM 12/24/2003 -0800, Ed Gerck wrote: However, IMO non-repudiation refers to a useful and essential cryptographic primitive. It does not mean the affirmation of a truth (which is authentication). It means the denial of a falsity -- such as: (1) the ability to prevent the effective denial of

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Richard Johnson
On Sun, Dec 21, 2003 at 09:45:54AM -0700, Anne & Lynn Wheeler wrote: > note, however, when I did reference PAIN as (one possible) security > taxonomy i tended to skip over the term non-repudiation and primarily > made references to privacy, authentication, and integrity. In my experience, t

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Ian Grigg
Ben Laurie wrote: > > Ian Grigg wrote: > > Carl and Ben have rubbished "non-repudiation" > > without defining what they mean, making it > > rather difficult to respond. > > I define it quite carefully in my paper, which I pointed to. Ah. I did read your paper, but deferred any comment on it, i

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Ben Laurie
Ian Grigg wrote: Carl and Ben have rubbished "non-repudiation" without defining what they mean, making it rather difficult to respond. I define it quite carefully in my paper, which I pointed to. Now, presumably, they mean the first, in that it is a rather hard problem to take the cryptographic pr

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Ian Grigg
Carl Ellison wrote: > > >From where I sit, it is better to term these > > as "legal non-repudiability" or "cryptographic > > non-repudiability" so as to reduce confusion. > > To me, "repudiation" is the action only of a human being (not of a key) and > therefore there is no such thing as "cryptog

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Carl Ellison
er 25, 2003 2:47 AM > To: Carl Ellison; [EMAIL PROTECTED] > Subject: RE: Non-repudiation (was RE: The PAIN mnemonic) > > At 04:20 25/12/2003, Carl Ellison wrote: > ... > > If you want to use cryptography for e-commerce, > then IMHO you need a > >contract s

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Amir Herzberg
At 04:20 25/12/2003, Carl Ellison wrote: ... If you want to use cryptography for e-commerce, then IMHO you need a contract signed on paper, enforced by normal contract law, in which one party lists the hash of his public key (or the whole public key) and says that s/he accepts liability for

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Carl Ellison
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Kelm > Sent: Tuesday, December 23, 2003 1:44 AM > To: [EMAIL PROTECTED] > Subject: Re: Non-repudiation (was RE: The PAIN mnemonic) > Ah. That's why they're try

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Carl Ellison
: Re: Non-repudiation (was RE: The PAIN mnemonic) > > FWIW, I understand there are two meanings: > >some form of legal inability to deny >responsibility for an event, and This one has no place in either technology or law because we do not know how to make computer sy

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Carl Ellison
riginal Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Amir Herzberg > Sent: Tuesday, December 23, 2003 1:18 AM > To: [EMAIL PROTECTED] > Subject: Re: Non-repudiation (was RE: The PAIN mnemonic) > > Ben, Carl and others, > > At 18:23 21

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Ed Gerck
Yes, the term "non-repudiation" has been badly misused in old PKIX WG drafts (in spite of warnings by myself and others) and some crypto works of reference -- usually by well-intentioned but otherwise misguided people trying to add "value" to digital certificates. However, IMO non-repudiation refe

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Amir Herzberg
Ian proposes below two draft-definitions for non-repudiation - legal and technical. Lynn also sent us a bunch of definitions. Let's focus on the technical/crypto one for now - after all this is a crypto forum (I agree the legal one is also somewhat relevant to this forum). In my work on secure

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-26 Thread Anne & Lynn Wheeler
At 11:18 AM 12/23/2003 +0200, Amir Herzberg wrote: Any alternative definition or concept to cover what protocol designers usually refer to as non-repudiation specifications? For example non-repudiation of origin, i.e. the ability of recipient to convince a third party that a message was sent (to

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-26 Thread Ian Grigg
Amir Herzberg wrote: > > Ben, Carl and others, > > At 18:23 21/12/2003, Carl Ellison wrote: > > > > >and it included non-repudiation which is an unachievable, > > > nonsense concept. > > Any alternative definition or concept to cover what protocol designers > usually refer to as non-repudiation

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-23 Thread Anne & Lynn Wheeler
At 08:23 AM 12/21/2003 -0800, Carl Ellison wrote: That's an interesting definition, but you're describing a constraint on the behavior of a human being. This has nothing to do with cryptosystem choice or network protocol design. What mechanisms do you suggest for enforcing even the constraint you

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-23 Thread Stefan Kelm
> Let's just leave the term "non-repudiation" to be used by people who don't > understand security, but rather mouth things they've read in books that > others claim are authoritative. There are lots of those books listing > "non-repudiation" as a feature of public key cryptography, for example, >

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-23 Thread Amir Herzberg
Ben, Carl and others, At 18:23 21/12/2003, Carl Ellison wrote: > >and it included non-repudiation which is an unachievable, > nonsense concept. Any alternative definition or concept to cover what protocol designers usually refer to as non-repudiation specifications? For example non-repudiation

Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-22 Thread Anne & Lynn Wheeler
At 08:23 AM 12/21/2003 -0800, Carl Ellison wrote: That's an interesting definition, but you're describing a constraint on the behavior of a human being. This has nothing to do with cryptosystem choice or network protocol design. What mechanisms do you suggest for enforcing even the constraint you