Keywords: PEM, EDI, Secure Email
There are apparently five board requirements for secure
Electronic Data Interchange (EDI) according to
an NIST bulletin (June 1991):
o message integrity
o confidentiality
o originator authentication
o nonrepudiation
o availability (i.e. "you should back your systems up" )
PEM appears to account for message integrity, originator
authentication and possibly confidentiality. However
there seems to be no PEM cability to deal with nonrepudiation.
"nonrepudiation" looks to be a method that ensures
the submission of binding proposal (such as a bid)
by a vendor/trading partner cannot be denied.
Currently, if I send registered mail with the Post Office,
I get back a signed receipt that the addressee did get
my letter. The receiver may not have opened it, but it was
definitely received.
There appears to be nothing like this in PEM.
Is this correct?
What are some ways have nonrepudiation while using PEM?
Thanks for the help,
Mike Bridges
NASA/AMES