Amir Herzberg wrote:
>
> Ben, Carl and others,
>
> At 18:23 21/12/2003, Carl Ellison wrote:
> >
> > >and it included non-repudiation which is an unachievable,
> > > nonsense concept.
>
> Any alternative definition or concept to cover what protocol designers
> usually refer to as non-repudiation specifications? For example
> non-repudiation of origin, i.e. the ability of recipient to convince a
> third party that a message was sent (to him) by a particular sender (at
> certain time)?
>
> Or - do you think this is not an important requirement?
> Or what?

I would second this call for some definition!

FWIW, I understand there are two meanings: some form of legal inability to deny responsibility for an event, and cryptographically strong and repeatable evidence that a certain piece of data was in the presence of a private key at some point.

Carl and Ben have rubbished "non-repudiation" without defining what they mean, making it rather difficult to respond.

Now, presumably, they mean the first, in that it is a rather hard problem to take the cryptographic property of public keys and then bootstrap that into some form of property that reliably stands in court.

But, whilst challenging, it is possible to achieve legal non-repudiability, depending on your careful use of assumptions. Whether that is a sensible thing or a nice depends on the circumstances ... (e.g., the game that banks play with pin codes).

So, as a point of clarification, are we saying that "non-repudiability" is ONLY the first of the above meanings? And if so, what do we call the second? Or, what is the definition here?

From where I sit, it is better to term these as "legal non-repudiability" or "cryptographic non-repudiability" so as to reduce confusion.

iang

---------------------------------------------------------------------
The Cryptography Mailing List