legal vs crypto definition of non repudiation
Looking at my logs the other day, I noticed that my post on the problems with non-repudiation briefly snuck into Google's top 20 results for non-repudiation -- very surprising. Perusing the other results, I ran across this article on non-repudiation in FirstMonday. They compare the common law definition of repudiation to the crypto definition:
The basis for a repudiation of a traditional signature may include:
* The signature is a forgery;
* The signature is not a forgery, but was obtained via:
    o Unconscionable conduct by a party to a transaction;
    o Fraud instigated by a third party;
    o Undue influence exerted by a third party.
... The general rule of evidence is that if a person denies a particular signature then it falls upon the relying party to prove that the signature is truly that of the person denying it.
... There is a clear contradictory position between the technical meaning and the legal meaning of the term "non-repudiation" where there is a clear case of forgery as regards to an alleged digital signature.
So, seems clear that crypto non-repudiation only really deals with the first case above (signature is a forgery), and that only poorly. [via Carl Ellison's Rant on Non-Repudiation]
Posted by dapkus at December 10, 2003 12:54 PM