ietf-openpgp
[Top] [All Lists]

Re: PGP - non-nonrepudiation

1999-02-05 19:44:54
On Fri, 5 Feb 1999, Black Unicorn wrote:
Not a bad idea, maybe, if there were no requirement for non-repudiation by
the receiving party.  (And if there isn't, then what's the point of this
solution?)  Falling back on a solution which requires a trusted server which
is still operated by the party which may later wish to present self serving
evidence to support itself in a suit is just a mistake.

Take the example of a brokerage which needs to incontrovertibly prove a
client (or a client's key) ordered a given transaction.  How will the above
help?  Clearly, it won't.  The bottom line is that in the mad rush to
implement "one pass" functionality PGP dropped the ball by killing this very
important functionality.

An enterprise cannot now archive mail which can later be searched by keyword
in the message body and still be verifiable ex post with respect to origin
and message integrity.

They could archive both the original message and the processed copy then
tie the two together using the SMTP Message-Id or a locally generated
substitute.

-- 
 Anthony E. Greene <agreene(_at_)pobox(_dot_)com>
 Homepage & PGP Key <http://www.pobox.com/~agreene/>



<Prev in Thread] Current Thread [Next in Thread>