Question on non-repudiation
Robert Hettinga
rah at shipwright.com
Wed Nov 13 08:43:39 PST 1996
--- begin forwarded text
Date: Wed, 13 Nov 1996 04:11:08 -0500 (EST)
X-Sender: field at pop.pipeline.com
Mime-Version: 1.0
To: John Lowry <jlowry at BBN.COM>
From: "Richard L. Field" <field at pipeline.com>
Subject: RE: Question on non-repudiation
Cc: set-discuss at commerce.net
Sender: owner-set-talk at commerce.NET
Precedence: bulk
+----------------------------------------------------+
Addressed to: set-discuss at commerce.net
+----------------------------------------------------+
As chair of the ABA's Electronic Commerce Payment Committee and a member
of the drafting team for its Digital Signature Guidelines, I suppose I am
one of the people expected to "solve" the non-repudiation problem through
legal means.
Notwithstanding any technical or procedural proofs, there is no absolute
non-repudiation, as a legal matter, unless a statute is enacted to that
effect. For consumers in the U.S., there is no indication that this will
happen. The applicable laws governing credit cards and the consumer use of
debit cards specify that the customer can repudiate any unauthorized
transaction, and that it is left to his bank/issuer to prove that the
transaction was actually performed by that customer or under his authority.
Even if technical means are used to ensure that the customer will always
retain solitary access control to the account (by biometric means, for
example), he can still claim coercion, error with respect to legal capacity,
etc. Where software-based keys are used to confirm identity and/or
authority to enter into a transaction, there are additional risks of error
or fraud associated with initially obtaining a key and tying it to an
identity, as well as the ongoing association between the key and the
identity and/or authority.
In these cases some third party ("trusted" CA, etc.) could step in and
contractually agree to bear all risk of customer repudiation, but given the
relatively low value of the average transaction that would be unlikely.
Additionally, in some countries laws may shift the risk of loss absolutely
to the customer or otherwise prevent him from repudiating a transaction. To
some degree, this is the direction taken in the U.S. laws governing
commercial wire transfers. If there are any countries contemplating the
enactment of laws that would absolutely bind a person whenever his private
key has been used, I would be most interested in hearing about them.
- Richard Field
At 11:35 AM 11/12/96 -0500, you wrote:
>+----------------------------------------------------+
>Addressed to: set-discuss at commerce.net
>+----------------------------------------------------+
>
>Not to be argumentative but non-repudiation can be established
>technically. The formal definition requires that through technical
>and procedural proofs a party cannot repudiate a transaction. The
>law may not recognize those techniques and procedures for contractual
>purposes today but the ABA is working on it....
------------------------------------------------------------------------
This message was sent by set-discuss at commerce.net. For a complete listing
of available commands, please send mail to 'majordomo at commerce.net'
with 'help' (no quotations) contained within the body of your message.
--- end forwarded text
-----------------
Robert Hettinga (rah at shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/
More information about the cypherpunks-legacy
mailing list