CDR: Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)

[Ed Gerck]

Tony,

Your examples were so bad!

;-) of course, I meant "good" as in that new IBM commercial where the IBM guy says that
the IBM laptop is "bad" ;-)

I appreciate your comments and, yes, very often society uses contrary words to
mean another thing.

But if we step aside a bit from the usefulness or not of dumbed down soundbites
or current slang in technical documents that should be precise, I see this
"identity theft" discussion mainly as a counterexample to those that like to require
a legal context to every word -- whereas we do not even have a worldwide legal context.
As we saw,  lawyers and lawmakers are oftentimes the first ones to use the term
"identifty theft" -- which simply is not a theft, it is impersonation.  Of course, I
continue to hope that we in crypto don't have to use "identity theft" as well. But,
should they can continue to use it?

Some lawyers don't think so, including Mac Norton in this list who wrote:

 Speaking as a lawyer, one of "they,", they should not continue to use
 it.  Identity theft might be accomplishable in some scenario, one in which
 I somehow induced amnesia in you, for example, but otherwise the use of
 the term to cover what you rightly point is simply impersonation, does a
 disservice to my profession as well as yours.

I also think that using "identity theft" for what actually is impersonation
is a disservice to our profession. In the same way that I think we need to
make sure lay people understand that non-repudiation in the technical realm
is not an absolute authentication or undeniable proof.  If we can only this,
deny that non-repudiation means undeniable proof, it will be already very useful.
Then, we may be able to apply the concept of non-repudiation as we feel the need
for it in protocols -- and note that we did not invent it, rather we discovered it.  
Authentication is not sufficient to describe validity. 

Cheers,

Ed Gerck