Arnold,

Internet RFCs are technical specifications that use common English words in a strictly defined manner. To suggest that the use of names in computer code or Internet RFCs might have legal implications ... imagine lawyers examining some code and trying to attach meaning to variable names? Or to UNIX commands? For example, to kill or killall? Context-dependent vocabulary can become highly amusing or disastrous if taken in a universal context, as was recently pointed out in the PKIX list by Peter Gien when someone complained about the legal implications of "good" as defined in RFC 2560.

Non-repudiation is not different. In the crypto and RFC realm it means "a service that prevents the denial of an act" [Handbook of Cryptography, X.509, PKIX]. Different lawyers in different countries may define whatever they want, but I note that the legal use of "non-repudiation" by banks worldwide is very similar to "a service that prevents the denial of an act".

Cheers,

Ed Gerck

"Arnold G. Reinhold" wrote:
My concern is that the vast majority of informed lay people, lawyers, judges, legislators, etc. will hear "non-repudiation" and hear "absolute proof." If you doubt this, read the breathless articles written recently about the new U.S. Electronic Signatures Act.
I don't think technologists should be free to use evocative terms and then define away their common sense meaning in the fine print. Certainly a valid public key signature is strong evidence and services like that described in the draft can be useful. I simply object to calling them "non-repudiation services." I would not object to "anti-repudiation services," "counter-repudiation services" or "repudiation-resistant technology." Would the banking industry employ terms like "forgery-proof checks," "impregnable vaults" or "pick-proof locks" to describe conventional security measures that were known to be fallible?