OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: The need for "Non-repudiation" [was: Why did secure e-mail fail? ... ]



Hi John.

Thanks for the very interesting things you said about how legal cases are
decided.  Can I now change the subject once more?!  

John Messing wrote:
[snip] 
> One question is the goal of security.
[snip]
> I would think that one question could be how technology can contribute
> to raising the bar of security appropriately without simply inventing
> solutions as though there were nothing else already in place.
> 
> In this regard, I personally tend to favor pragmatism, and to eschew
> orthodoxy.

In this vein, may I ask your opinion of "non repudiation" in PKI land?  Was
it a techie's "solution" to a problem where other solutions were already in
place?  Does asserting (or not) the NR bit really add (subtract) special
powers to my signature?  

I always railed against the implied monopoly claimed by PKI vendors on 
"non-repudation".  The reality I think is that it can be very hard to
repudiate all sorts of conventionally secured transactions.  For instance,
what chance do I have of speciously denying a given Internet banking
transaction of mine on the grounds that my payment order was *not*
digitally signed and therefore *could have* originated from someone else? 

Cheers, 

Stephen.


Stephen Wilson
Lockstep Consulting Pty Ltd
www.lockstep.com.au
ABN 59 593 754 482

11 Minnesota Ave
Five Dock NSW 2046
Australia

P +61 (0)414 488 851

--------------------

About Lockstep 
Lockstep was established in early 2004 by noted authentication expert
Stephen Wilson, to provide independent advice and analysis on cyber
security policy, strategy, risk management, and identity management. 
Lockstep is also developing unique new smartcard solutions to address
privacy and identity theft. 
 




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]