Correct, as far as I can tell. Non-repudiation is more of a legal concept, though it depends on authenticity and integrity at a technical level. I.e., will using Curve make it harder for someone to claim "it wasn't me" afterwards? Yes, but only if e.g. certificates are properly stored and exchanged as well, which goes beyond the security protocol.
-Pieter On Sat, Nov 16, 2013 at 10:49 AM, Laurent Alebarde <[email protected]> wrote: > Hi Pieter, > > I am not sure, from the basic security principles: Confidentiality, > Integrity, Availability, Authenticity, Non-repudiation, which one are > covered by CURVE ? > > I assume (in parenthesis, the defenses listed in the curve RFC): > > Confidentiality: yes (Eavesdropping, Key theft attacks, Identifying the > client) > Integrity: yes (Altering data) > Availability: restricted, has to be performed at system level > (Denial-of-Service attacks) > Authenticity: yes (Fraudulent data, Replaying data, Amplification attacks, > Man-in-the-middle attacks, > Non-repudiation: I realy don't know > > Can you confirm or correct me please. > > Cheers, > > > Laurent > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > -- - Pieter Hintjens CEO of iMatix.com Founder of ZeroMQ community blog: http://hintjens.com _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
