At 12:12 PM -0700 10/7/2000, Ed Gerck wrote:
"Arnold G. Reinhold" wrote:
In public-key cryptography "Non-Repudiation" means that that the probability that a particular result could have been produced without access to the secret key is vanishingly small, subject to the assumption that the underlying public-key problem is difficult. If that property had be called "the key binding property" or "condition Z," or some other matheze name, we would all be able to look at this notion more objectively. "Non-repudiation," has too powerful a association with the real world.
Your definition is not standard. The Cryptography Handbook by Menezes defines non-repudiation as a service that prevents the denial of an act. The same is the current definition in PKIX, as well as in X.509. This does not mean, however as some may suppose, that the act cannot be denied -- for example, it can be denied by a counter authentication that presents an accepted proof.
Thus, non-repudiation is not a stronger authentication -- neither a long lived authentication. Authentication is an assertion that something is true. Non- repudiation is a negation that something is false. Neither are absolute. And they are quite different when non-boolean variables (ie, real-world variables) are used. They are complementary concepts and *both* need to be used or we lose expressive power in protocols, contracts, etc..
Cheers,
Ed Gerck
You may well be right about the accepted definition of non-repudiation, but if you are then I would amend my remarks to say that known cryptographic technology cannot provide non-repudiation service unless we are willing to create a new legal duty for individuals and corporations to protect their secret key or accept what ever consequences ensue. I don't think that is acceptable. I find the rest of your comment a tad too opaque. Could you give some examples of what you have in mind? Arnold Reinhold