Subject: The need for "Non-repudiation" [was: Why did secure e-mail fail? ... ]
Hi John.

Thanks for the very interesting things you said about how legal cases are decided. Can I now change the subject once more?!

John Messing wrote:

[snip]
> One question is the goal of security.
[snip]
> I would think that one question could be how technology can contribute
> to raising the bar of security appropriately without simply inventing
> solutions as though there were nothing else already in place.
>
> In this regard, I personally tend to favor pragmatism, and to eschew
> orthodoxy.

In this vein, may I ask your opinion of "non repudiation" in PKI land? Was it a techie's "solution" to a problem where other solutions were already in place? Does asserting (or not) the NR bit really add (subtract) special powers to my signature?

I always railed against the implied monopoly claimed by PKI vendors on "non-repudiation". The reality I think is that it can be very hard to repudiate all sorts of conventionally secured transactions. For instance, what chance do I have of speciously denying a given Internet banking transaction of mine on the grounds that my payment order was *not* digitally signed and therefore *could have* originated from someone else?

Cheers,

Stephen.

Stephen Wilson
Lockstep Consulting Pty Ltd
www.lockstep.com.au
ABN 59 593 754 482
11 Minnesota Ave
Five Dock NSW 2046
Australia
P +61 (0)414 488 851

--------------------
About Lockstep

Lockstep was established in early 2004 by noted authentication expert Stephen Wilson, to provide independent advice and analysis on cyber security policy, strategy, risk management, and identity management. Lockstep is also developing unique new smartcard solutions to address privacy and identity theft.