[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: matter of semantics

Almost every lawyer who is coming up to speed on digital signatures objects
to the use of the term nonrepudiation, with similar examples.

And it is true that even a wet ink signature can be repudiated, if it can be
shown that the signature was made by someone who was legally incompetent to
sign a contract (e.g., under age), mentally incompetent, under duress, or as
a result of fraud, misrepresentation, or bad counsel.

Non-deniability sounds like a good term, but I have not heard a single
lawyer use it in all of the discussions I have been party to for the last 5
years or more, so I would hesitate to say that it had any particular kind of
stature in the legal community.

On the other hand, the ABA Digital Signature Guidelines does use the term
nonrepudiation extensively.  The definition is as follows:

"1.20 Nonrepudiation

Strong and substantial evidence of the identity of the signer of a message
and of message integrity, sufficient to prevent a party from successfully
denying the origin, submission or delivery of the message and the integrity
of its contents."

I believe that language has been picked up by a number of state statutes,
and I would feel quite comfortable using it.


Robert R. Jueneman
Security Architect
Novell, Inc.
Network Services Division
122 East 1700 South
Provo, UT 84604

"If you are tring to get to the moon, climbing a tree, 
although a step in the right direction, will not prove 
to be very helpful."

"The most dangerous strategy is to cross the chasm in two leaps."

>>> <jar@ornl.gov> 11/06 7:23 AM >>>
At an ESnet meeting, a lawyer gave us a talk on legal issues having to do
things like digital signatures. He said that the term "non-repudiation" is a

legal misnomer because you can always repudiate anything (legally). He said
the correct term is "non-deniability." I suggest that we change the
in the SPKI discussions.

The reason is that a verified digital signature is correct and therefore
be denied. But, it can be repudiated. For example "I was called away from my
and the screen saver was not engaged and someone came in an user the running
of Netscape to send E-mail that was signed by my digital signature. This was

unauthorized and I repudiate it."

Jim Rome
Oak Ridge National Laboratory