CDR: Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)
Arnold G. Reinhold
reinhold at world.std.com
Wed Oct 11 06:08:37 PDT 2000
At 2:24 PM -0700 10/10/2000, Ed Gerck wrote:
>"Arnold G. Reinhold" wrote:
>
>> You may well be right about the accepted definition of
>> non-repudiation, but if you are then I would amend my remarks to say
>> that known cryptographic technology cannot provide non-repudiation
>> service unless we are willing to create a new legal duty for
>> individuals and corporations to protect their secret key or accept
>> whatever consequences ensue. I don't think that is acceptable.
>
>Non-repudiation is, according to how myself and the PKIX WG consensus
>views it, a useful concept both in technical as well as in legal
>terms. Further, neither myself nor the specific discussion in the PKIX WG
>saw any need to require a specific legal framework to talk about technical
>applications of the non-repudiation concept. So, yes, technology can provide
>for non-repudiation services and the question whether or not these
>services are useful to provide evidences to a legal layer depends on
>many *other* considerations -- such as for example the legal regime
>(common law, civil law, statutes, contracts, etc.), which we do not control.
>What we can do on the technical side is provide protocols (with and without
>crypto -- for example, with timestamps that may be signed or made available
>in a tamperproof public record) that support non-repudiation as a service that
>prevents the denial of an act. This service is completely different from a
>service that proves an act, which is authentication. Neither of these
>services is absolute, though, and thus the notion of non-repudiation cannot
>be of an absolute answer. This is a common point between law and technology --
>anything can be repudiated.
>
>> I find the rest of your comment a tad too opaque. Could you give
>> some examples of what you have in mind?
>
>You can check for example
>http://www.imc.org/draft-ietf-pkix-technr or
>ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-technr-01.txt
>
The Abstract of the draft-ietf-pkix-technr says:
> This document describes those features of a service which processes
> signed documents which must be present in order for that service to
> constitute a "technical non-repudiation" service. A technical
> non-repudiation service must permit an independent verifier to
> determine whether a given signature was applied to a given data
> object by the private key associated with a given valid certificate,
> at a time later than the signature. The features of a technical
> non-repudiation service are expected to be necessary for a full
> non-repudiation service, although they may not be sufficient.
>
My original point was that the technical definition of non-repudiation
was much narrower than the legal definition. This draft seems to
agree. It goes on to say:
> The NR service is expected to provide evidence that a given object
> was signed by the private key corresponding to a given certificate
> which was valid at the time of signature. It is not anticipated that
> the use of the NR service will ordinarily constitute execution of a
> contract, or acceptance of any other legal obligation. It is
> anticipated that any use of this service in accepting legal
> obligations would be the subject of legislation or judicial decision
> in various jurisdictions, which are likely to lay additional
> technical burdens upon the provision of such a service to such an
> extent as to constitute another, larger service which need not be the
> same in all jurisdictions. It is outside the scope of the definition
> of this service to provide evidence that the signer and the subject
> of the signing certificate are the same, that the signer has been
> adequately informed of the content which is signed, that the signer
> is not acting under duress, etc.
My concern is that the vast majority of informed lay people, lawyers,
judges, legislators, etc. will hear "non-repudiation" and hear
"absolute proof." If you doubt this, read the breathless articles
written recently about the new U.S. Electronic Signatures Act.

I don't think technologists should be free to use evocative terms and
then define away their common sense meaning in the fine print.

Certainly a valid public key signature is strong evidence and
services like that described in the draft can be useful. I simply
object to calling them "non-repudiation services." I would not object
to "anti-repudiation services," "counter-repudiation services" or
"repudiation-resistant technology." Would the banking industry employ
terms like "forgery-proof checks," "impregnable vaults" or
"pick-proof locks" to describe conventional security measures that
were known to be fallible?

Arnold Reinhold