

Subject: RE: [dss] EPM use cases: some questions and one requirement.



Hi Ed,

inline, some questions we can discuss on the call -

At 12:28 AM 6/26/2003 -0400, Edward Shallow wrote:

>-----Original Message-----
>From: Trevor Perrin [mailto:trevp@trevp.net]
>Sent: June 25, 2003 2:01 PM
>To: Gray Steve; dss@lists.oasis-open.org
>Cc: Ed Shallow (E-mail)
>
>Thanks,
>
>My questions that remain, which we can discuss in email or at the concall:
>
>What is the point of the sender acquiring a "postmark" on his document?
><ed>
>In short, non-repudiation of origin (ref. ISO/IEC 13888-1-2-3). Regardless
>of which legal position or non-repudiation model one subscribes to, the
>re-production of evidence by Trusted Third Parties of these elements of
>non-repudiation are crucial. In fact much of the motivation behind
>deployment of trusted computing systems is the pursuit of this
>trustworthiness. IMHO to de-scope these subjects from the domain of a public
>protocol which professes to address digital signature creation and
>verification would result in a non-achievement.
>
>Refs:
>ETSI 101-733 and 101-903 OASIS CoverPages, Abstract and Links
>http://xml.coverpages.org/ni2002-04-24-a.html
>Non-Repudiation in the Digital Environment, McCullagh and Caelli
>http://www.firstmonday.dk/issues/issue5_8/mccullagh/#note13
>"UNCITRAL Model Law on Electronic Commerce with Guide to Enactment" Article
>13, at http://www.un.or.at/uncitral/texts/electcom/ml-ec.html
>"American Bar Association Guidelines for Digital Signatures," at
>http://www.abanet.org/scitech/ec/isc/dsgfree.html
></ed>

I think you're arguing that "re-production of evidence by Trusted Third 
Parties of [...] elements of non-repudiation are crucial" to verifying 
digital signatures.  I thought the point of digital signatures, and 
certificates, and time-stamps, is that Alice can create a time-stamped 
signature, and Bob can verify it, and if there's a dispute Judge Judy can 
verify it, but there's no need for a TTP to store something for every 
signature.

I only skimmed through the references, but they seemed to support this:

According to the ABA reference,
  - section 5.1 - "A message bearing a digital signature verified by the 
public key listed in a valid certificate is as valid, effective, and 
enforceable as if the message had been written on paper."
  - section 5.2 - "Where a rule of law requires a signature, or provides 
for certain consequences in the absence of a signature, that rule is 
satisfied by a digital signature which is (1) affixed by the signer with 
the intent of signing the message, and (2) verified by reference to the 
public key listed in a valid certificate."

According to ISO/IEC 13888-3,
  - section 8.1 - "An NRO token is used to provide protection against the 
originator's false denial of having originated the message.  The NRO token 
is generated by the originator A of the message m (or authority C), sent by 
A to the recipient B, [and] stored by the recipient B after 
verification."  The definitions that follow make it clear that such a 
non-repudiation-of-origin-token is basically just the signer's public-key 
signature on a message.
This document also mentions possible roles for 3rd parties such as CAs and 
TSAs, and "Notary Authorities" (similar to a DSS signing service) and 
"Evidence Recording Authorities".  But the last two are in an informative 
annex (as opposed to normative, I guess), and there's no mention of them 
being required for verifying signatures.


>To whom is this postmark meaningful, and what does it mean?
>
><ed>
>In certain scenarios and/or jurisdictions the onus of proof in the event of
>a legal challenge on the alleged signing of a document may rest with the
>signator. In such cases and scenarios, a receipt of non-repudiation of
>origin (what we innocently label the PostMark) would be valuable and worth
>paying for.[...]
></ed>

I'm not sure what you mean by "receipt of non-repudiation of origin", but 
it sounds like a non-repudiation of origin token per ISO/IEC 13888-3, in 
which case I would think the signer's time-stamped signature is sufficient.


>According to A11, "The main purpose of the EPM is to provide a
>non-repudiation service that attests Who, What, Why, When a document was
>signed, plus the archival service".  Isn't this provided by a normal,
>time-stamped digital signature?
>
><ed>
>No, it does not. Validity, integrity, and trustworthiness are still very
>much in doubt and inadmissible in nearly all jurisdictions.
></ed>

Could you give some examples?  I'm not aware of digital signature laws that 
require a TTP to create a "receipt of non-repudiation of origin" for each 
signature, or to archive each signature.  Though I don't know much about 
these laws in general.

Trevor 
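
Added example, not part of the original message or of any DSS or ISO/IEC 13888-3 text: a sketch of the flow the message describes, in which the originator signs, a time-stamping authority signs a hash plus a time and stores nothing, and any later verifier checks the token with public keys alone. The `Token` layout, the function names and the sample message are assumptions made for illustration; raw Ed25519 keys stand in for certificates, so certificate validation is out of scope here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Token is a constructed stand-in for a time-stamped signature
// (hypothetical layout, not an ISO/IEC 13888-3 or RFC 3161 encoding).
type Token struct {
	Sig    []byte // originator's signature over the message
	Time   int64  // time asserted by the TSA, Unix seconds
	TSASig []byte // TSA signature over SHA-256(Sig) || Time
}

// tsaInput binds the asserted time to the signature value only, so the
// TSA never sees the document and has nothing to archive.
func tsaInput(sig []byte, t int64) []byte {
	h := sha256.Sum256(sig)
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, uint64(t))
	return append(h[:], buf...)
}

// Stamp is the TSA's whole job: sign hash-plus-time and return it.
func Stamp(tsa ed25519.PrivateKey, sig []byte, t int64) []byte {
	return ed25519.Sign(tsa, tsaInput(sig, t))
}

// Verify is the same check for the recipient on receipt and for an
// adjudicator later: message, token and two public keys, no TTP lookup.
func Verify(signer, tsa ed25519.PublicKey, msg []byte, tok Token) bool {
	return ed25519.Verify(signer, msg, tok.Sig) &&
		ed25519.Verify(tsa, tsaInput(tok.Sig, tok.Time), tok.TSASig)
}

// Demo returns results for: intact token, altered message, altered time.
func Demo() (bool, bool, bool) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil) // nil = crypto/rand
	tsaPub, tsaPriv, _ := ed25519.GenerateKey(nil)
	msg := []byte("constructed sample: purchase order 17")
	sig := ed25519.Sign(alicePriv, msg)
	tok := Token{Sig: sig, Time: 1056600000, TSASig: Stamp(tsaPriv, sig, 1056600000)}
	ok := Verify(alicePub, tsaPub, msg, tok)
	badMsg := Verify(alicePub, tsaPub, []byte("purchase order 18"), tok)
	tok.Time++ // a changed time no longer matches the TSA signature
	return ok, badMsg, Verify(alicePub, tsaPub, msg, tok)
}

func main() { fmt.Println(Demo()) }
```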


