Folks,
Non-repudiation is defined (in ISO 7498-2) as a security service
that prevents a participant in a communication from later denying his
participation in said communication (I paraphrase). Thus there are various
forms of non-repudiation that may apply to message exchanges, as Stefan
pointed out. It's not that the term "non-repudiation" is ill defined, but
rather that there are a variety of security service variants, all of which
are forms of non-repudiation. Also note that security mechanisms (that
support security services) come in varying "strengths" and thus one may
reasonably claim that "imperfect" mechanisms support a given security
service, even though we realize that there are means by which these
mechanisms may be defeated.
Steve
Steve,
In discussing various aspects of electronic commerce, etc., with various folks
in the context of the ABA's Digital Signature Guidelines, one surprising fact
that emerged was that "nonrepudiation" was not defined in the Guidelines.
Because (as many people have observed) nonrepudiation is primarily a legal
concept and only secondarily a technical issue, I would invite you and others
to address the issue with the ABA as a significant oversight. Especially from
your broad understanding of many of the different uses of the term in MSP,
X.400, etc., I think a contribution in the form of a definition would be
particularly useful.
As I recall, the e-mail address for comments on the Guidelines is
abaisc(_at_)intermarket(_dot_)com. To the best of my knowledge, no comments
have yet been submitted.
Bob
Robert R. Jueneman
GTE Laboratories
1-617-466-2820 Office
1-508-264-0485 Telecommuting