Hmm. Well, I disagree. The meaning of "non-repudiation of message receipt"
seems rather clear to me, and this is precisely the service that is provided by
a signed read receipt that either contains the received message or a digest of
it.
Ned,
To me a mechanism which allows recipient to voluntarily sign a read receipt does
not provide non-repudiation of message receipt. This is because the recipient
can receive the message but refuse to sign a receipt in return, in effect
falsly repudiating having received the message. Of course, I agree with Kent
and others who have said that there are applications where a voluntary signed
receipt suffices (as in MSP).
It seems that you've completely missed my point. I understand about the third
party's role here. My point is that since you cannot prove that B ever got E
from the third party, you have not proved that the message was in fact received
by B. The third party can send the message to B once, twice, a million times.
It can be shouted in the streets, placed in TV ads, whatever. The third party
can publish E in every newspaper and on every email list. It doesn't matter.
Your point is understood. You are talking about a denial of service attack
against Bob. One which has clearly been spelled out in our paper
(assumptions III, page 4). Regardless, for time-sensitive material, you have a
valid concern.
The best articulation I have heard of this was the statement John Lowry made:
By: John Lowry
Note further that the syntax and protocol of receipt handling (e.g.
when and whether a receipt token is returned to the requester) has
_nothing_ to do with the semantics. If the original message was
ambiguous then the receipt may still be meaningless. (That's why
we have lawyers :-) ) If the receipt is time-context sensitive,
then the lack of a trusted third-party timestamp on the receipt
may also allow repudiation.
One can add your scenerio, where B really does not receive E, to the above.
In defense, I can say, a receipt is only as good as the legal system behind it
which enforces it. That legal system should take care of the semantics. I am
not trying to postpone the problem. If only Alice and Bob existed in the world,
it makes no sense for Alice to ask for a receipt. She does ask for it, because
she can later use it to prove that Bob received her message. If Bob never got
E, when Alice goes to Judge Lansing (is that O.J.'s judge?), Bob will be given
E in front of Lansing. If Bob believes he is failing to get E from the trusted
party, he would probably be wise enough to write a letter to an on-line judge
saying that as of such and such, he tried x times and failed to get E from TP.
He will ask for TP's signature. If your network is down, pickup the phone...
In anycase, Bob must protect himself by an out-of-band mechanism if his network
is permanently down. At the end, both parties bring all relevant information
to a court of law where the lawyers get rich setteling the dispute. That's life!
I am not claiming that my protocol solves denial-of-service. You cannot convince
me, however, that not doing so "blows CEM out of the water". :-)
Ali