ietf-openpgp

Re: PGP - non-nonrepudiation

1999-02-05 21:17:50
-----BEGIN PGP SIGNED MESSAGE-----

At 06:02 PM 2/5/99 -0600, Black Unicorn wrote:
> Not a bad idea, maybe, if there were no requirement for non-repudiation by
> the receiving party.  (And if there isn't, then what's the point of this
> solution?)

Sorry, but you hit one of my buttons.

What do you (or does anyone else) mean by non-repudiation?

To me, it means that I can take you into a courtroom and prove, somehow, 
that you signed the digitally signed message I hold in the floppy in my hand.

That means that the mechanisms we have set up defeat all your attempts to 
defend yourself against that accusation.  That is, you are unable to 
repudiate the signature because of the mechanism we have established.

Tell me how I can prove otherwise when you claim:

1.      my private key was on my computer, but I didn't sign that message.  I 
never saw that message.  It is quite possible that someone else found my 
computer logged in while I was in the bathroom and signed that message with 
my computer.  Therefore, you need to track down and bring in that other person.

2.      I was at my computer when that message was allegedly signed, but I
never saw it and never signed it.  I did try to sign some other message -- even
put my thumb to the thumbprint reader to release the signing key -- but that 
signature attempt failed, so I had to do it again.  There could have been a 
virus on my machine that used my unlocking of the private key to sign the 
message in question.

etc.

        --------------------------------------------------

This is just the start of possible defenses.  After I made a list of them a 
little longer than this, I came to the simplifying conclusion that we should 
never use the term "non-repudiation" and should, in fact, strongly reprimand 
anyone who tries to.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison         cme(_at_)acm(_dot_)org     http://www.pobox.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+
