December 10, 2003

legal vs crypto definition of non-repudiation

Looking at my logs the other day, I noticed that my post on the problems with non-repudiation briefly snuck into Google's top 20 results for non-repudiation -- very surprising. Perusing the other results, I ran across this article on non-repudiation in FirstMonday. They compare the common law definition of repudiation to the crypto definition:
The basis for a repudiation of a traditional signature may include:

* The signature is a forgery;
* The signature is not a forgery, but was obtained via:
  o Unconscionable conduct by a party to a transaction;
  o Fraud instigated by a third party;
  o Undue influence exerted by a third party.

... The general rule of evidence is that if a person denies a particular signature then it falls upon the relying party to prove that the signature is truly that of the person denying it. ...

There is a clear contradictory position between the technical meaning and the legal meaning of the term "non-repudiation" where there is a clear case of forgery as regards to an alleged digital signature.
So, seems clear that crypto non-repudiation only really deals with the first case above (signature is a forgery), and that only poorly. [via Carl Ellison's Rant on Non-Repudiation]

Posted by dapkus at December 10, 2003 12:54 PM