://www.nabble.com/Non-Repudiation-error-in-MIC-calculation-tp17994998p17994998.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing
Hi all,
Does SSL provide non-repudiation service and if it does
how? Thanks. Wish you all the best
Best regards,
Jordan CN CHONG
__
OpenSSL Project http://www.openssl.org
User Support
Does SSL provide non-repudiation service and if it does
how? Thanks. Wish you all the best
The SSL protocol requires both sides to share a session key, so
NR isn't possible using the protocol -- either side could claim
the other (a) forged data; or (b) allowed the key to escape
Neil,
First of all, thanks for your response.
On 24 Nov 99, at 14:02, Neil Costigan wrote:
mini-advert
To address the non-repudiation / SSL issue
We at Celo developed, over the OpenSSL libs, a web browser plugin
that allows a web content author to 'demand' that a user digitally sign
mini-advert
To address the non-repudiation / SSL issue
We at Celo developed, over the OpenSSL libs, a web browser plugin
that allows a web content author to 'demand' that a user digitally sign
(using pkcs7/smime)
some data pushed out from a web server.
It is envoked by standard plugin
in the physical telephone-ordering world
for B2C doesn't have any non-repudiation of an order, unless they record the
phone call.
Cheers,
Paul
--
Paul Ford-Hutchinson : EMEA eCommerce application security :
[EMAIL PROTECTED]
OSU-1, IBM , PO Box 31, Birmingham Rd, Warwick, CV34 5YR +44 (0)1926 462005
). The only thing the client cannot deny is that
he has made a secure connection with my webserver, but apart from that
nothing can be proven.
Is this right, and if yes, is there a way within SSL (openssl) to
provide non-repudiation?
Thanks for your attention,
Maurice
--
Maurice klein Gebbinck
(which I can since I
know the symmetric key). The only thing the client cannot deny is that
he has made a secure connection with my webserver, but apart from that
nothing can be proven.
Is this right, and if yes, is there a way within SSL (openssl) to
provide non-repudiation?
It sounds right
). The only thing the client cannot deny is that
he has made a secure connection with my webserver, but apart from that
nothing can be proven.
Is this right, and if yes, is there a way within SSL (openssl) to
provide non-repudiation?
In a word: No.
-Ekr
[Eric Rescorla