CDR: Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)

Arnold G. Reinhold reinhold at world.std.com
Wed Oct 11 06:08:37 PDT 2000


At 2:24 PM -0700 10/10/2000, Ed Gerck wrote:
>"Arnold G. Reinhold" wrote:
>
>> You may well be right about the accepted definition of
>> non-repudiation, but if you are then I would amend my remarks to say
>> that known cryptographic technology cannot provide non-repudiation
>> service unless we are willing to create a new legal duty for
>> individuals and corporations to protect their secret key or accept
>> whatever consequences ensue.  I don't think that is acceptable.
>
>Non-repudiation is, according to how myself and the PKIX WG consensus
>views it, a useful concept both in technical as well as in legal terms.  Further,
>neither myself nor the specific discussion in the PKIX WG saw any need to
>require a specific legal framework to talk about technical applications
>of the non-repudiation concept.  So, yes, technology can provide
>for non-repudiation services and the question whether or not these
>services are useful to provide evidences to a legal layer depends on
>many *other* considerations -- such as for example the legal regime
>(common law, civil law, statutes, contracts, etc.), which we do not control.
>What we can do on the technical side is provide protocols (with and without
>crypto -- for example, with timestamps that may be signed or made available
>in a tamperproof public record) that support non-repudiation as a service that
>prevents the denial of an act. This service is completely different from a
>service that proves an act, which is authentication.  Neither of these services is
>absolute, though, and thus the notion of non-repudiation cannot be of an
>absolute answer. This is a common point between law and technology --
>anything can be repudiated.
>
>> I find the rest of your comment a tad too opaque.  Could you give
>> some examples of what you have in mind?
>
>You can check for example
>http://www.imc.org/draft-ietf-pkix-technr or
>ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-technr-01.txt
>

The Abstract of the draft-ietf-pkix-technr says

>        This document describes those features of a service which processes
>        signed documents which must be present in order for that service to
>        constitute a "technical non-repudiation" service.  A technical
>        non-repudiation service must permit an independent verifier to
>        determine whether a given signature was applied to a given data
>        object by the private key associated with a given valid certificate,
>        at a time later than the signature.  The features of a technical non-
>        repudiation service are expected to be necessary for a full non-
>        repudiation service, although they may not be sufficient.
>


My original point was that the technical definition of non-repudiation 
was much narrower than the legal definition.  This draft seems to 
agree. It goes on to say:

>        The NR service is expected to provide evidence that a given object
>        was signed by the private key corresponding to a given certificate
>        which was valid at the time of signature.  It is not anticipated that
>        the use of the NR service will ordinarily constitute execution of a
>        contract, or acceptance of any other legal obligation.  It is
>        anticipated that any use of this service in accepting legal
>        obligations would be the subject of legislation or judicial decision
>        in various jurisdictions, which are likely to lay additional
>        technical burdens upon the provision of such a service to such an
>        extent as to constitute another, larger service which need not be the
>        same in all jurisdictions.  It is outside the scope of the definition
>        of this service to provide evidence that the signer and the subject
>        of the signing certificate are the same, that the signer has been
>        adequately informed of the content which is signed, that the signer
>        is not acting under duress, etc.


My concern is that the vast majority of informed lay people, lawyers, 
judges, legislators, etc. will hear "non-repudiation" and hear 
"absolute proof."  If you doubt this, read the breathless articles 
written recently about the new U.S. Electronic Signatures Act.

I don't think technologists should be free to use evocative terms and 
then define away their common sense meaning in the fine print. 
Certainly a valid public key signature is strong evidence and 
services like that described in the draft can be useful. I simply 
object to calling them "non-repudiation services." I would not object 
to "anti-repudiation services,"  "counter-repudiation services"  or 
"repudiation-resistant technology." Would the banking industry employ 
terms like "forgery-proof checks," "impregnable vaults" or 
"pick-proof locks" to describe conventional security measures that 
were known to be fallible?

Arnold Reinhold




