Re: matter of semantics


>At an ESnet meeting, a lawyer gave us a talk on legal issues having to do
>things like digital signatures. He said that the term "non-repudiation" is
>a legal misnomer because you can always repudiate anything (legally). He
>said that the correct term is "non-deniability." I suggest that we change the
>in the SPKI discussions.
>
>The reason is that a verified digital signature is correct and therefore
>be denied. But, it can be repudiated. For example: "I was called away from
>my desk and the screen saver was not engaged and someone came in and used the
>running copy of Netscape to send E-mail that was signed by my digital
>signature. This was unauthorized and I repudiate it."


	This is an excellent point -- but I'm not sure about the terminology.

	The world has been using the term "non-repudiation" for some time.  I agree 
with the lawyer you cite that public key technology doesn't achieve it, but 
I agree for technical reasons.

	When public key K1 is used to verify a digital signature, then we know for 
a fact that its associated private key created the signature.  Therefore, by 
definition, we know that (keyholder(K1)) caused that signature to happen.  
The only question remaining is who that keyholder was at the time of the 

	That's something we have no control over.  No certificate definition can 
influence who controls a given private key at some time in the future.  It 
is possible that some law (e.g., Utah) might declare that if a certificate 
is issued by a state approved CA to someone, then that person becomes 
legally responsible for the actions of his/her private key (as a parent is 
responsible for the actions of a minor child).  In such a case, I for one 
would decline to accept a certificate from a qualifying CA.

 - Carl

