I'll add two words to the list: "support" (as opposed to "provide"), and "accountability." I prefer to say that a digital signature is a tool that "supports accountability." I suppose that "supports non-repudiation" would be fine as well. My concern is when the phrase "provides non-repudiation" is used it implies that complete non-repudiation can be provided technically (which I don't believe is the case). Mike J.
-----Original Message----- From: David Jablon [mailto:dpj@world.std.com] Sent: Wednesday, October 11, 2000 10:29 AM To: Arnold G. Reinhold Cc: dcsb@ai.mit.edu; cryptography@c2.net; cypherpunks@cyberpass.net Subject: Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)
"Anti-repudiation" sounds good to me.
... even if does remind me of "antidisestablishmentarianism". Come to think of it, now even that term sounds appropriate here -- as our belief in the value of methods that deter key "dis-establishment". Pretty scary.
-- dpj
At 09:08 AM 10/11/00 -0400, Arnold G. Reinhold wrote:
My concern is that the vast majority of informed lay people, lawyers, judges, legislators, etc. will hear "non-repudiation" and hear "absolute proof." If you doubt this, read the breathless articles written recently about the new U.S. Electronic Signatures Act.
I don't think technologists should be free to use evocative terms and then define away their common sense meaning in the fine print. Certainly a valid public key signature is strong evidence and services like that described in the draft can be useful. I simply object to calling them "non-repudiation services." I would not object to "anti-repudiation services," "counter-repudiation services" or "repudiation-resistant technology." Would the banking industry employ terms like "forgery-proof checks," "impregnable vaults" or "pick-proof locks" to describe conventional security measures that were known to be fallible?