At 2:24 PM -0700 10/10/2000, Ed Gerck wrote:
> "Arnold G. Reinhold" wrote:
>> You may well be right about the accepted definition of non-repudiation, but if you are then I would amend my remarks to say that known cryptographic technology cannot provide non-repudiation service unless we are willing to create a new legal duty for individuals and corporations to protect their secret key or accept whatever consequences ensue. I don't think that is acceptable.
> Non-repudiation is, according to how myself and the PKIX WG consensus views it, a useful concept both in technical as well as in legal terms. Further, neither myself nor the specific discussion in the PKIX WG saw any need to require a specific legal framework to talk about technical applications of the non-repudiation concept. So, yes, technology can provide for non-repudiation services and the question whether or not these services are useful to provide evidences to a legal layer depends on many *other* considerations -- such as for example the legal regime (common law, civil law, statutes, contracts, etc.), which we do not control. What we can do on the technical side is provide protocols (with and without crypto -- for example, with timestamps that may be signed or made available in a tamperproof public record) that support non-repudiation as a service that prevents the denial of an act. This service is completely different from a service that proves an act, which is authentication. Neither of these services is absolute, though, and thus the notion of non-repudiation cannot be of an absolute answer. This is a common point between law and technology -- anything can be repudiated.
>> I find the rest of your comment a tad too opaque. Could you give some examples of what you have in mind?
> You can check for example http://www.imc.org/draft-ietf-pkix-technr or ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-technr-01.txt
The Abstract of the draft-ietf-pkix-technr says
This document describes those features of a service which processes signed documents which must be present in order for that service to constitute a "technical non-repudiation" service. A technical non-repudiation service must permit an independent verifier to determine whether a given signature was applied to a given data object by the private key associated with a given valid certificate, at a time later than the signature. The features of a technical non-repudiation service are expected to be necessary for a full non-repudiation service, although they may not be sufficient.
My original point was that the technical definition of non-repudiation was much narrower than the legal definition. This draft seems to agree. It goes on to say:
The NR service is expected to provide evidence that a given object was signed by the private key corresponding to a given certificate which was valid at the time of signature. It is not anticipated that the use of the NR service will ordinarily constitute execution of a contract, or acceptance of any other legal obligation. It is anticipated that any use of this service in accepting legal obligations would be the subject of legislation or judicial decision in various jurisdictions, which are likely to lay additional technical burdens upon the provision of such a service to such an extent as to constitute another, larger service which need not be the same in all jurisdictions. It is outside the scope of the definition of this service to provide evidence that the signer and the subject of the signing certificate are the same, that the signer has been adequately informed of the content which is signed, that the signer is not acting under duress, etc.
My concern is that the vast majority of informed lay people, lawyers, judges, legislators, etc. will hear "non-repudiation" and hear "absolute proof." If you doubt this, read the breathless articles written recently about the new U.S. Electronic Signatures Act. I don't think technologists should be free to use evocative terms and then define away their common sense meaning in the fine print. Certainly a valid public key signature is strong evidence and services like that described in the draft can be useful. I simply object to calling them "non-repudiation services." I would not object to "anti-repudiation services," "counter-repudiation services" or "repudiation-resistant technology." Would the banking industry employ terms like "forgery-proof checks," "impregnable vaults" or "pick-proof locks" to describe conventional security measures that were known to be fallible?

Arnold Reinhold