On Fri, 5 Feb 1999, Carl Ellison wrote:
What do you (or does anyone else) mean by non-repudiation?
To me, it means that I can take you into a courtroom and prove, somehow,
that you signed the digitally signed message I hold in the floppy in my hand.
That means that the mechanisms we have set up defeat all your attempts to
defend yourself against that accusation. That is, you are unable to
repudiate the signature because of the mechanism we have established.
Tell me how I can prove otherwise when you claim:
[snip]
You arguments apply as well to pen/ink signatures. What you're overlooking
is that in this context 'non-repudiation' refers to legal proof, not
logical proof. The references to enforcing a contract in court clearly set
the context of the discussion.
Even though it's possible for someone to forge a handwritten signature, if
it looks enough like yours, and you don't have some independent evidence
that you did not make the signature, you will be legally bound by it.
We have not established the case law yet to support digital signatures.
But when we do, the examples you gave will not hold up in court any more
than making an *unsupported* claim that you're not responsible for the
use of your ATM card. If the only evidence you have that it wasn't you is
your own word, it won't be sufficient in court.
--
Anthony E. Greene <agreene(_at_)pobox(_dot_)com>
Homepage & PGP Key <http://www.pobox.com/~agreene/>