Re: Remote validation servers (on RECEIPTS)

I don't think your use of the term "non-repudiation" agrees with how it is
commonly used in this community.

I think a better name for the problem Ali solves is what is commonly
called "certified electronic mail", as described for example in "A
Randomized Protocol for Signing Contracts", Even/Goldreich/Lempel,
CACM, June 1985, p 644:  "Let M denote a message A wants to send to B,
via certified mail.  We remind the reader that A would like a receipt
which certifies that the mail has been received by B.  B does not know
M and is to get it if and only if A gets B's acknowledgment to the fact
that he (B) has got M." I am sure we can agree that this is a useful
and important capability regardless of what it is called.


I agree, and in fact this is also the name that Ali uses for the protocol.

This is not my scenario. I'm talking about the case where B receives E but
claims he did not. This is effectively the same as claiming not to have
received M, since EM by itself is worthless and so is any receipt signed
indicating that only EM was received. And you cannot prove otherwise with 
your
protocol. Since the entire point here is to prevent B from claiming that he
never received M, this seems like a big problem to me.

But, if you trust the sender to send EM, and according to the assumption
above you trust the infrastructure to deliver the message, then doesn't
this _prove_ that B has received EM, under these assumptions?  The
difference from a claim by B that he did not receive M is that M was not
sent by an assumed-trusted party.


If you assume the instrastructure is completely foolproof why bother with any
of this protocol in the first place? Why not simply have a third party that
stamps stuff sent out by A so that A can prove what was sent out to B?  There
is no need for a receipt of any sort under this assumption -- if B refuses to
pay all A has to do is get the records from B proving that the material was
sent.

As for receiving EM, my point is that receipt of EM is not the same as
receiving M. The receiver has to receive both EM and E for it to be the same,
and unless you can prove that both of these were received you haven't
accomplished the goal of the protocol.

                                Ned

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Remote validation servers (on RECEIPTS), (continued) Re: Remote validation servers (on RECEIPTS), John Lowry Re: Remote validation servers (on RECEIPTS), Ali Bahreman Re: Remote validation servers (on RECEIPTS), Ali Bahreman Re: Remote validation servers (on RECEIPTS), Ned Freed Re: Remote validation servers (on RECEIPTS), Stephen Kent Re: Remote validation servers (on RECEIPTS), Ali Bahreman Re: Remote validation servers (on RECEIPTS), Ned Freed Re: Remote validation servers (on RECEIPTS), Ali Bahreman Re: Remote validation servers (on RECEIPTS), Valdis Kletnieks Re: Remote validation servers (on RECEIPTS), Hal Re: Remote validation servers (on RECEIPTS), Ned Freed <= Re: Remote validation servers (on RECEIPTS), Stefan Kelm Re: Remote validation servers (on RECEIPTS), Ned Freed Re: Remote validation servers (on RECEIPTS), Ali Bahreman Re: Remote validation servers (on RECEIPTS), Stephen Kent Re: Remote validation servers (on RECEIPTS), Ali Bahreman Re: Remote validation servers (on RECEIPTS), Peter Williams Re: Remote validation servers (on RECEIPTS), Stephen Kent Re: Remote validation servers (on RECEIPTS), Jueneman

Previous by Date:	Discussion of reliance limits, liability, etc., Jueneman
Next by Date:	Re: Remote validation servers (on RECEIPTS), Ned Freed
Previous by Thread:	Re: Remote validation servers (on RECEIPTS), Hal
Next by Thread:	Re: Remote validation servers (on RECEIPTS), Stefan Kelm
Indexes:	[Date] [Thread] [Top] [All Lists]