[rus-wg] RUS Specification - non-repudiation

Jon MacLaren maclaren at cct.lsu.edu
Fri Apr 8 09:21:05 CDT 2005


On Apr 8, 2005, at 7:26 AM, Steven Newhouse wrote:

>> If the submission comes over a connection secured by the
>> client certificate, the recipient knows who made the submission,
>> but still lacks evidence to _prove_ that the recipient made
>> the submission.
>
> Would this be resolved if we stored the original signed message that 
> came in from the client. This would _require_ that the client signed 
> the message.

Yes, you'd need to store the original signed message.

>
> This would leave our options to be...
>
> 1. Lower/remove the requirement for non-repudiation. From what I've 
> heard this would not satisfy the current deployment requirements.
>
> 2. Require that the message is signed by the client before sending to 
> the RUS. Would need to mandate (minimally) the message signing 
> component from WS-Security.

As I said a couple of days ago, I wouldn't want to see transport level 
security ruled out.  WS-Security is for message-level security for SOAP 
messages.  At Manchester, we've used HTTPS transport level security 
quite successfully.  That should be fine too - we can specify that an 
X509 cert must be used.

Also, how about option 3. Make the non-repudiation message-storing 
stuff optional.  Some people aren't going to be interested in this.  We 
can say how it should be done if it's going to be supported, I guess.

>> By the way, the policy of some CAs, including the UK
>> e-Science CA, does not support the use of its certificates
>> for non-repudiation.
>
> I'd suggest we need to draw the line round what we can or can't 
> consider... this would be outside...?

So I think Stephen is referring to the X509 V3 Key Usage stuff, which 
is contained in an X509 Certificate.  I remember looking at this stuff 
when I was changing the config for the EUROGRID CA, which I used to 
operate.  We omitted the "Non repudiation" bit.

In any case, this flag would just seem to be an endorsement by the CA 
that says "I am sufficiently confident in the integrity of the CA that 
you can go ahead and use these signatures to try to prove that someone 
did something."  But even if this flag is omitted, this is really just 
a form of disclaimer by the CA, avoiding responsibility.  It wouldn't 
mean that a third party, e.g. the RUS, couldn't try to use the 
certificates for this purpose - it just does this without the blessing 
of the CA.

So I don't think that this flag affects what we should do with the 
software.

Jon.
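
The Key Usage flag discussed in this message can be read straight from the certificate extension. The following is an added example, not part of the original e-mail or of any RUS implementation: it decodes the DER value of the X.509 v3 keyUsage extension and derives a label that a service storing signed messages could record with each one. The function names, the label strings and the sample byte strings are assumptions constructed for illustration.

```python
# Added example: decode the DER value of an X.509 v3 keyUsage extension
# (RFC 5280, section 4.2.1.3) and label the signer's certificate.
KEY_USAGE_NAMES = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]


def decode_key_usage(der: bytes) -> set:
    """Return the usage names asserted in a DER-encoded BIT STRING."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    if der[1] != len(der) - 2:
        raise ValueError("length octet does not match the data")
    unused, payload = der[2], der[3:]
    if unused > 7 or len(payload) > 2:
        raise ValueError("malformed keyUsage bit string")
    if payload[-1] & ((1 << unused) - 1):
        raise ValueError("padding bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    return {
        name for i, name in enumerate(KEY_USAGE_NAMES)
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8))
    }


def evidence_label(key_usage_der):
    """Hypothetical label a service could store next to a signed record."""
    if key_usage_der is None:          # extension absent: no restriction
        return "unrestricted"
    usages = decode_key_usage(key_usage_der)
    if "nonRepudiation" in usages:     # flag set by the issuing CA
        return "ca-endorsed"
    if "digitalSignature" in usages:   # signing allowed, flag omitted
        return "signature-only"
    return "not-for-signing"


# Constructed sample extension values (not taken from any real CA).
SIG_AND_ENCIPHER = bytes.fromhex("030205a0")   # flag omitted
SIG_AND_NONREP = bytes.fromhex("030206c0")     # flag set
CA_ONLY = bytes.fromhex("03020106")            # keyCertSign + cRLSign

if __name__ == "__main__":
    for sample in (SIG_AND_ENCIPHER, SIG_AND_NONREP, CA_ONLY, None):
        print(sample.hex() if sample else None, evidence_label(sample))
```

Recording the label rather than rejecting on it keeps the flag as evidence metadata about the CA's stance and leaves the acceptance decision to the deployment.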
