Ed Gerck wrote:
"Arnold G. Reinhold" wrote:
In public-key cryptography "Non-Repudiation" means that the probability that a particular result could have been produced without access to the secret key is vanishingly small, subject to the assumption that the underlying public-key problem is difficult. If that property had been called "the key binding property" or "condition Z," or some other matheze name, we would all be able to look at this notion more objectively. "Non-repudiation" has too powerful an association with the real world.
Your definition is not standard. The Cryptography Handbook by Menezes defines non-repudiation as a service that prevents the denial of an act. The same is the current definition in PKIX, as well as in X.509. This does not mean, however, as some may suppose, that the act cannot be denied -- for example, it can be denied by a counter authentication that presents an accepted proof.
Thus, non-repudiation is not a stronger authentication -- nor a long-lived authentication. Authentication is an assertion that something is true. Non-repudiation is a negation that something is false. Neither is absolute. And they are quite different when non-boolean variables (i.e., real-world variables) are used. They are complementary concepts and *both* need to be used or we lose expressive power in protocols, contracts, etc.
Since we're in hair-splitting mode, I should point out that "prevents the denial of an act" is not equivalent to a "negation that something is false". Of course, logically, it comes to the same thing, but then, so does "assertion that something is true". Assuming you believe in excluded middles, that is (which, of course, you don't, as you have said). But the important point is that the mechanism could be (and usually is) entirely different.

Blimey. I appear to be agreeing with Ed.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
Coming to ApacheCon Europe 2000? http://apachecon.com/