Keywords: PEM, EDI, Secure Email, Non-Repudiation of Message Receipt
PEM offers non-repudiation of message origin and content. When the
sender signs the message and the recipient verifies. The verification
requires the use of CRLs.
When you get a receipt by sending a registered Post Ofiice mail, the
receipt is not content-dependent on the message sent and therefore
does not provide strong non-repudiation of message receipt either.
I presented a talk on "Certified Electronic Mail" at the 1994 ISOC
Symposium which offers two solutions for providing non-repudiation of
message receipt. One is built over PEM.
See ftp://ftp.bellcore.com/pub/ali/CEM/paper.ps from Mosaic.
_______________________________________________________________________
Alireza Bahreman E-Mail:
bahreman(_at_)bellcore(_dot_)com
Bellcore, Room RRC-1K221 Phone : +1 908 699 7398
444 Hoes Lane, Piscataway, NJ 08854 Fax : +1 908 336 2943
You write:
Keywords: PEM, EDI, Secure Email
There are apparently five board requirements for secure
Electronic Data Interchange (EDI) according to
an NIST bulletin (June 1991):
o message integrity
o confidentiality
o originator authentication
o nonrepudiation
o availability (i.e. "you should back your systems up" )
PEM appears to account for message integrity, originator
authentication and possibly confidentiality. However
there seems to be no PEM cability to deal with nonrepudiation.
"nonrepudiation" looks to be a method that ensures
the submission of binding proposal (such as a bid)
by a vendor/trading partner cannot be denied.
Currently, if I send registered mail with the Post Office,
I get back a signed receipt that the addressee did get
my letter. The receiver may not have opened it, but it was
definitely received.
There appears to be nothing like this in PEM.
Is this correct?
What are some ways have nonrepudiation while using PEM?
Thanks for the help,
Mike Bridges
NASA/AMES