
Subject: [legalxml-enotary] Re: Nonrepudiation--- yearly tradition



Cross-posted from the ABA Information Security List

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

A distinction between proof of origin, proof of commitment, and proof of contents is helpful and I think Hans has provided a useful point of departure.

A digital signature should be considered a useful method for determining message origin in terms of network address, as Hans points out.

Proof of commitment should not be determined IMHO from a bit in a certificate, but rather from the message contents itself, as many on the list have agreed. A bit may be marginally helpful on the issue of intent, but the "lu et approuvé" language itself is a far better way of determining the granularity of the human intent, in a particular social and linguistic context, than any machine classification.

The authenticity of the message contents as of a particular time, as Steve Teppler has pointed out, can be determined by a timestamp.

So, if we know the network origin, the timestamp and the message contents, we can determine whether the author meant to be bound by the meaning of the words used, and as needed perhaps extrinsic circumstances (pattern of transactions between parties, oral understandings, etc.)  The NR bit has very little relevance in this context.

There still remains however that elusive and tricky issue that technologists seem to want to avoid: tying human or machine identity to network location in order to conclude that a particular person or software agent was responsible for the message generated from the network location.

In earlier postings I have tried to draw a distinction between p-authentication (person-authentication) and m-authentication (machine-authentication).

In classic PKI terms, a person is introduced to computers for certificate issuance purposes by another human who is called a registration authority. As Roger Younglove has pointed out, it is also possible to have a machine generate an identifier (password) for a human to use. That makes the human self-introduce to the network by adopting the password as a digital ID. But the underlying dynamics and result are the same. A digitalID is assigned to a person by a person, in Roger's case the same person who is recipient of the digitalID.

In subsequent transactions, the person can be deemed to be the author of message contents, by means of the digitalID, until the person revokes it, as in certificate revocation.

The care and integrity of the person doing the p-authentication is critical for the needs of a relying party, who is ultimately interested in having the party responsible for a commitment held to it in the event of a dispute regardless of the mechanics of mapping a human to a digital ID.

The manner in which registration (introduction of a human to a network for the purpose of issuing a digital ID) occurs is generally one subject of a CA's cps, and may be reflected in machine-readable language by a cp. There is however no way to do comparisons between cps provisions easily with regard to how reliable the identification processes are except perhaps by a team of dedicated lawyers, who may not agree on the final comparisons to be made. For that reason as the Chair of the eNotary TC of LegalXML Oasis, I am working on developing an XML syntax to allow such comparisons in terms of reliability of identifications to be made and reflected in machine readable ways. This hopefully will allow different brands and classes of certificates to be treated as fungible and interchangeable commodities, as they were originally intended to be, but have never quite become even to this day.

One area that has received little attention to date is the way a machine ought to be authenticated to a network as an agent capable of concluding binding commitments on behalf of enterprises or individuals. Each machine has a MAC, but that can easily be spoofed, as the wireless network I installed in my home clearly proves. The network router spoofs the IP address of the machine that is supposed to be the recipient of the high speed Internet connection in order to share the connection between the various PCs that can be installed throughout the house.

How should one perform m-authentication for the purposes of issuing a digital ID that relying parties can use with minimal risk? Alternatively stated, if a software agent concludes a contract on behalf of an entity, as eSign clearly anticipates, how does the human co-contractant know that he or she has obtained anything of value? Which and whose machine is it really? I have found nothing on point and would appreciate references, if any are available through this group.

Happy Thanksgiving to all those who celebrate the holiday, and best regards to all.

John Messing
3900 E. Broadway Blvd., Suite 201
Tucson, AZ 85711
(520)547-7933 (v)
(520)547-7920 (f)
jmessing@law-on-line.com
----- Original Message -----
From: Hans Nilsson
To: ST-ISC@MAIL.ABANET.ORG
Sent: Thursday, November 28, 2002 3:39 AM
Subject: Re: Nonrepudiation--- yearly tradition


Hoyt,

I know you are working on this kamikaze task of keyUsage bits definition in X.509, and have seen a draft text. Can I add my own 2 öre to the discussion?

digitalSignature: for verifying digital signatures * for authentication or data integrity purposes *

because at least data-origin authentication, peer-entity authentication and data integrity have quite well accepted definitions.

Thus, IMHO, the DS bit can (and should) be used for SSL and S/MIME, where it is mainly asserted that the information comes from an authenticated person, without him actually committing to the contents.

The NR bit, IMHO, (but now I also enter the muddy waters...) corresponds to the thing you write when signing something in France: "Lu et approuvé", which is more like a "commitment type" indication. But I know, this should maybe be indicated elsewhere...

Anyway: I do not see why only NR bit may signify "evidence value". Also an SSL trace, or an S/MIME message is an "electronic signature" and "can not be denied legal effect" in court, both according to the US E-SIGN bill and according to the EU Directive.

By the way: Why does the yearly "meaning-of-non-repudiation" discussion mostly take place in November? Is it because it is getting dark, and we need something interesting to occupy ourselves with between Halloween and Thanksgiving?

Happy Thanksgiving!

Hans Nilsson

Hans Nilsson Consulting
Fredriksstrand 5
S-185 35 Vaxholm SWEDEN
e-mail: hans@hansnilsson.se
Mobile: +46 70 575 0346
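
[Added example, not part of any message in this thread: how the DS and NR bits discussed above sit on the wire. It decodes the DER BIT STRING of an X.509 keyUsage extension into its named bits (bit order per RFC 5280); the function names and the sample hex values are constructed for illustration.]

```python
# Added example, not from the thread. Named bits of the X.509 keyUsage
# extension in bit order (RFC 5280, section 4.2.1.3).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)


def decode_key_usage(der: bytes) -> list:
    """Return the names of the bits set in a DER-encoded keyUsage BIT STRING."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    if der[1] != len(der) - 2 or der[1] > 3:
        raise ValueError("unexpected length for keyUsage")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    # DER requires the padding bits in the final octet to be zero.
    if payload[-1] & ((1 << unused) - 1):
        raise ValueError("non-zero padding bits")
    total_bits = 8 * len(payload) - unused
    if total_bits > len(KEY_USAGE_BITS):
        raise ValueError("more bits than keyUsage defines")
    # Bit 0 is the most significant bit of the first content octet.
    return [KEY_USAGE_BITS[i] for i in range(total_bits)
            if payload[i // 8] & (0x80 >> (i % 8))]


def signing_bits(der: bytes) -> dict:
    """Report only the two bits the thread argues about."""
    set_bits = decode_key_usage(der)
    return {"digitalSignature": "digitalSignature" in set_bits,
            "nonRepudiation": "nonRepudiation" in set_bits}


# Constructed sample extension values (hex of the BIT STRING), not taken
# from any real certificate.
SAMPLES = {
    "authentication only": "03020780",
    "DS and NR together": "030206c0",
    "NR only": "03020640",
    "keyAgreement + decipherOnly": "0303070880",
}

if __name__ == "__main__":
    for label, hexval in SAMPLES.items():
        der = bytes.fromhex(hexval)
        print(f"{label:28} {decode_key_usage(der)} {signing_bits(der)}")
```
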

 -----Original Message-----
From: Information Security Committee [mailto:ST-ISC@MAIL.ABANET.ORG] On Behalf Of Hoyt L. Kesterson II
Sent: Thursday, November 28, 2002 10:16 AM
To: ST-ISC@MAIL.ABANET.ORG
Subject: Re: Nonrepudiation---The Other Thanksgiving Turkey


well we know how simple it is to define non-repudiation in a single sentence :). incidentally, i have exchanged email with jane hill on her comments and am working on what i hope is a comprehensive response to comments raised on this list (hopefully leading to ballot comments to further clarify the current text). i want you to know i cook a very fine turkey with cornbread stuffing.


it's not a totally wrong definition for integrity - i suspect that the authors took the fact that digital signatures provide integrity and developed the erroneous position that signing was used for integrity. normally an integrity service, especially for transmitted data, doesn't prevent data being modified; it provides for the detection of changes. and it can be done with a digitally signed hash. of course, ssl provides integrity with just a hash function using a shared secret as the first input into the hash - no signing needed for integrity.


i agree that it is not a helpful article


    hoyt




http://www.informationweek.com/story/IWK20021122S0012

The latest "Information Week" contains an article entitled "Security Trap," which provides the following definition in a text box labeled "Know Thy Jargon"

>>Nonrepudiation:  Proves a message was sent by the specified party - a digital receipt.>>

Oh, and "integrity" is defined as "alerts if data's modified en route, usually using digital signatures."

The authors of this article are employees of a firm called "Doculabs"

Steve

"If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])


