
Re: matter of semantics



Almost every lawyer who is coming up to speed on digital signatures objects
to the use of the term nonrepudiation, with similar examples.

And it is true that even a wet ink signature can be repudiated, if it can be
shown that the signature was made by someone who was legally incompetent to
sign a contract (e.g., under age), mentally incompetent, under duress, or as
a result of fraud, misrepresentation, or bad counsel.

Non-deniability sounds like a good term, but I have not heard a single
lawyer use it in all of the discussions I have been party to for the last 5
years or more, so I would hesitate to say that it had any particular kind of
stature in the legal community.

On the other hand, the ABA Digital Signature Guidelines does use the term
nonrepudiation extensively.  The definition is as follows:

"1.20 Nonrepudiation

Strong and substantial evidence of the identity of the signer of a message
and of message integrity, sufficient to prevent a party from successfully
denying the origin, submission or delivery of the message and the integrity
of its contents."

I believe that language has been picked up by a number of state statutes,
and I would feel quite comfortable using it.

Bob



Robert R. Jueneman
Security Architect
Novell, Inc.
Network Services Division
122 East 1700 South
Provo, UT 84604
801/861-7387
bjueneman@novell.com

"If you are trying to get to the moon, climbing a tree, 
although a step in the right direction, will not prove 
to be very helpful."

"The most dangerous strategy is to cross the chasm in two leaps."


>>> <jar@ornl.gov> 11/06 7:23 AM >>>
At an ESnet meeting, a lawyer gave us a talk on legal issues having to do with
things like digital signatures. He said that the term "non-repudiation" is a
legal misnomer because you can always repudiate anything (legally). He said that
the correct term is "non-deniability." I suggest that we change the terminology
in the SPKI discussions.

The reason is that a verified digital signature is correct and therefore cannot
be denied. But, it can be repudiated. For example "I was called away from my desk
and the screen saver was not engaged and someone came in and used the running copy
of Netscape to send E-mail that was signed by my digital signature. This was
unauthorized and I repudiate it."

Jim Rome
Oak Ridge National Laboratory