[rus-wg] RUS Specification - non-repudiation
Jon MacLaren
maclaren at cct.lsu.edu
Fri Apr 8 09:21:05 CDT 2005
On Apr 8, 2005, at 7:26 AM, Steven Newhouse wrote:
>> If the submission comes over a connection secured by the
>> client certificate, the recipient knows who made the submission,
>> but still lacks evidence to _prove_ that the recipient made
>> the submission.
>
> Would this be resolved if we stored the original signed message that
> came in from the client. This would _require_ that the client signed
> the message.

Yes, you'd need to store the original signed message.

>
> This would leave our options to be...
>
> 1. Lower/remove the requirement for non-repudiation. From what I've
> heard this would not satisfy the current deployment requirements.
>
> 2. Require that the message is signed by the client before sending to
> the RUS. Would need to mandate (minimally) the message signing
> component from WS-Security.

As I said a couple of days ago, I wouldn't want to see transport level
security ruled out. WS-Security is for message-level security for SOAP
messages. At Manchester, we've used HTTPS transport level security
quite successfully. That should be fine too - we can specify that an
X509 cert must be used.

Also, how about option 3. Make the non-repudiation message-storing
stuff optional. Some people aren't going to be interested in this. We
can say how it should be done if it's going to be supported, I guess.

>> By the way, the policy of some CA's, including the UK
>> e-Science CA, does not support the use of its certificates
>> for non-repudiation.
>
> I'd suggest we need to draw the line round what we can or can't
> consider... this would be outside...?

So I think Stephen is referring to the X509 V3 Key Usage stuff, which
is contained in an X509 Certificate. I remember looking at this stuff
when I was changing the config for the EUROGRID CA, which I used to
operate. We omitted the "Non repudiation" bit.

In any case, this flag would just seem to be an endorsement by the CA
that says "I am sufficiently confident in the integrity of the CA that
you can go ahead and use these signatures to try to prove that someone
did something." But even if this flag is omitted, this is really just
a form of disclaimer by the CA, avoiding responsibility. It wouldn't
mean that a third party, e.g. the RUS, couldn't try to use the
certificates for this purpose - it just does this without the blessing
of the CA.

So I don't think that this flag affects what we should do with the
software.

Jon.