Ben Laurie wrote: > > Ian Grigg wrote: > > Carl and Ben have rubbished "non-repudiation" > > without defining what they mean, making it > > rather difficult to respond. > > I define it quite carefully in my paper, which I pointed to.
Ah. I did read your paper, but deferred any comment on it, in part because I didn't understand what its draft/publication status was. Ben Laurie said: > Probably because non-repudiation is a stupid idea: > http://www.apache-ssl.org/tech-legal.pdf. You didn't state which of the two definitions you were rubbishing, so I shall respond to both! Let's take the first definition - your "technical definition" (2.7): "Non-repudiation", in its technical sense, is a property of a communications system such that the system attributes the sending of a message to a person if, but only if, he did in fact send it, and records a person as having received a message if, but only if, he did in fact receive it. If such systems exist at all, they are very rare. Non-repudiability is often claimed to be a property of electronic signatures of the kind described above. This claim is unintelligible if "non-repudiation" is used in its correct technical sense, and in fact represents an attempt to confer a bogus technical respectability on the purely commercial assertion the the owners of private keys should be made responsible for their use, whoever in fact uses them. Some comments. 1. This definition seems to be only one of the many out there [1]. The use of the term "correct technical sense" then would be meaningless as well as brave without some support of references. Although it does suffice to ground the use within the paper. 2. The definition is muddied by including the attack inside the definition. The attack on the definition would fit better in section 6. "Is \non-repudiation" a useful concept?" 3. Nothing in either the definition 2.7 or the proper section of 6. tells us above why the claim is "unintelligable". To find this, we have to go back to Carl's comment which gets to the nub of the legal and literal meaning of the term: "To me, "repudiation" is the action only of a human being (not of a key)..." Repudiate can only be done by a human [2]. A key cannot repudiate, nor can a system of technical capabilities [3]. (Imagine here, a debate on how to tie the human to the key.) That is, it is an agency problem, and unless clearly cast in those terms, for which there exists a strong literature, no strong foundation can be made of any conclusions [4]. 4. The discussion resigns itself to being somewhat dismissive, by leaving open the possibility that there are alternative possibilities. There is a name for this fallacy, stating the general and showing only the specific, but I forget its name. In the first para, 2.7, it states that "If such systems exist at all, they are very rare." Thus, allowing for existance. Yet in the second para, one context is left as "unintelligable." In section 6, again, "most discussions ... are more confusing than helpful." This hole is created, IMHO, by the absence of Carl's killer argument in 3. above. Only once it is possible to move on from the fallacy embodied in the term repudiation itself, is it possible to start considering what is "good" and useful about the irrefutability (or otherwise) of a digital signature [5]. I.e., throwing out the bathwater is a fine and regular thing to do. Let's now start looking for the baby. > > But, whilst challenging, it is possible to > > achieve legal non-repudiability, depending > > on your careful use of assumptions. Whether > > that is a sensible thing or a nice depends > > on the circumstances ... (e.g., the game that > > banks play with pin codes). > > Actually, its very easy to achieve legal non-repudiability. You pass a > law saying that whatever-it-is is non-repudiable. I also cite an example > of this in my paper (electronic VAT returns are non-repudiable, IIRC). Which brings us to your second definition, again, in 2.7: To lawyers, non-repudiation was not a technical legal term before techies gave it to them. Legally it refers to a rule which defines circumstances in which a person is treated for legal purposes as having sent a message, whether in fact he did or not, or is treated as having received a message, whether in fact he did or not. Its legal meaning is thus almost exactly the opposite of its technical meaning. I am not sure that I'd agree that the legal fraternity thinks in the terms outlined in the second sentance. I'd be surprised if the legal fraternity said any more than "what you are trying to say is perhaps best seen by these sorts of rules..." Much of law already duplicates what is implied above, anyway, which makes one wonder (a) what is the difference between the above and the rules of evidence and presumption, etc, etc and (b) why did the legal fraternity adopt the techies' term with such abandon that they didn't bother to define it? In practice, the process of dispute resolution is very strongly oriented towards addressing evidence and moving it to a supported conclusion. A digital signature is evidence, and conclusions can be supported based on that evidence; what we techies should perhaps draw from this is that our efforts to define any new terms and any new procedures are childish in comparison to the logic and procedures developed in the forum of the law over the last few millenia. Next para: Such a rule may be imposed by law, as for example this rule: The person making the return to the Controller shall be presumed to be the person identifed as such by any relevant feature of the electronic return system.[2] I disagree [6]. That clause creates a presumption. Nothing in the clause states that this cannot be repudiated. In fact, careful examination of the preceeding clause concerning the time of the return indicates that "conclusive presumption" was preferred in this alternate time context. Thus, repudiation of the party is anticipated, and repudiation of the time is "ruled against" [7]. Further, repudiation as a word or concept does not appear in that act. What happens is that the act ties down the event of the return; it does not state that the return cannot be repudiated (although I grant that might occur elsewhere). In Section (4L)(a) it specifically raises a case of potential repudiation. The second (surveyors) clause/example is the same - it creates a presumption that can always be repudiated. In practice, the repudiation is an uncertain thing, as is all repudiations. But, it is not possible to conclude, AFAIK, in law, that the clause is non- repudiable, simply because it states so. Which all leads to this: I don't think you have nailed down any legal definition of non-repudiability. Or, if that is what it is, the legal fraternity also knows that the techies' definition is a chimera, a mere hope on which to attach the use of dig sigs, in which case, this logic needs to be explained within the paper - that the definition doesn't exist. In essence, I can imagine a lawyer saying "yes, we already do what you are aiming for (presumption), but, your technical non-repudiability is impossible under the law because the law doesn't think in those terms..." Nor does the paper nail why it doesn't make sense. It omits the killer argument that the process of the dispute resolution moves from evidence to application of law to ruling; a statement of non-repudiability is meaningless in that context. (A lawyer would need to make this argument more carefully - I am not such and am conscious that I also haven't nailed it myself :) > Read my paper (it was co-authored with a lawyer, so I believe we've got > both the crypto and legal versions covered). I note the English & Wales legal context. If there is a law that covers non-repudiation, by technical means, that would definately effect the nature of the discussion. iang [1] ref: Lynn's post that pointed at the ISO SC27 definitions: http://www.garlic.com/~lynn/aadsm11.htm#14 [2] http://dictionary.reference.com/search?q=repudiate ... 1.To reject the validity or authority of: "Chaucer... not only came to doubt the worth of his extraordinary body of work, but repudiated it" (Joyce Carol Oates). 2.To reject emphatically as unfounded, untrue, or unjust: repudiated the accusation. 3.To refuse to recognize or pay: repudiate a debt. 4. a.To disown (a child, for example). b.To refuse to have any dealings with. For most relevance, examine 3., 4.a. [3] This is in part an assumption, as I am assuming here that AI and similar things cannot enter into contracts, or, if they do so, they are then persons, and thus the model stands. We can test this by determining as to whether these "new persons" can take standing in a forum of dispute resolution. Lawyers might like to comment on that, and as I say, it's an assumption! [4] Agency problems are ones where a principal delegates powers to an agent, and those powers are used or abused according to the incentives and circumstances. Canonically, a shop owner employs an assistant to mind the counter; does the money taken in by sales made by the assistant go into his pocket, or her cashbox? [5] Irrefutability I proposed in an earlier email, and as yet lacks any credibility. [6] Link reproduced: http://www.hmso.gov.uk/si/si2000/20000258.htm [7] ruled against more firmly, perhaps. There is nothing stopping a repudiation of the time, and presenting the reasons to the judge. That's part of the process. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]