
Re: matter of semantics



>At an ESnet meeting, a lawyer gave us a talk on legal issues having to do
>with things like digital signatures. He said that the term "non-repudiation"
>is a legal misnomer because you can always repudiate anything (legally). He
>said that the correct term is "non-deniability." I suggest that we change
>the terminology in the SPKI discussions.
>
>The reason is that a verified digital signature is correct and therefore
>cannot be denied. But, it can be repudiated. For example "I was called away
>from my desk and the screen saver was not engaged and someone came in and
>used the running copy of Netscape to send E-mail that was signed by my
>digital signature. This was unauthorized and I repudiate it."

Jim,

	this is an excellent point -- but I'm not sure about the terminology.

	The world has been using the term "non-repudiation" for some time.  I agree 
with the lawyer you cite that public key technology doesn't achieve it, but 
I agree for technical reasons.

	When public key K1 is used to verify a digital signature, then we know for 
a fact that its associated private key created the signature.  Therefore, by 
definition, we know that (keyholder(K1)) caused that signature to happen.  
The only question remaining is who that keyholder was at the time of the 
signature.

	That's something we have no control over.  No certificate definition can 
influence who controls a given private key at some time in the future.  It 
is possible that some law (e.g., Utah) might declare that if a certificate 
is issued by a state approved CA to someone, then that person becomes 
legally responsible for the actions of his/her private key (as a parent is 
responsible for the actions of a minor child).  In such a case, I for one 
would decline to accept a certificate from a qualifying CA.

 - Carl




+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
