[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Non-repudiation of receipt

To: internet!imc.org!ietf-ediint
Subject: Re: Non-repudiation of receipt
From: Rik Drummond
Sent: Thursday, February 15, 1996 2:47 AM

Great statement Bob.  We will have to discuss the extended comments later
after we get the all statements collected. Any body else have any other
ideas/issues for EDI over Internet?  ......later....rik


>From:  boblyons@unidex.com (Robert C. Lyons

>REQUIREMENT -  NON-REPUDIATION OF RECEIPT - The sender of an EDI message
>obtains undeniable proof that the recipient received the message and the
>message was not altered in transit. Non-repudiation of receipt is
>implemented via an acknowledgment; the recipient of an EDI message returns
>this acknowledgment to the sender of the EDI message. This acknowledgment
>contains the digital signature of the EDI message; also, the acknowledgment
>is digitally signed by the receiver of the EDI message.
>
>Note that a trusted third party, such as an EDI VAN, can provide
>non-repudiation of receipt without the use of digital signatures. However,
>most, if not all, Internet Service Providers do not offer this service.
>
>MOSS, PEM, PGP and S/MIME meet most of the security requirements of users
>doing EDI over the Internet; however, they do not provide non-repudiation of
>receipt.
>
>The IETF-EDIINT group should try to pursuade any IETF groups working on
>e-mail security and e-mail receipts to develop a standard for
>non-repudiation of receipt. We should also align ourselves with any other
>groups that need this feature for their Internet e-mail applications.
>
>A possible interim solution is to use the 997. The receiver of an EDI
>message would place the digital signature of this EDI message into a 997,
>and return the 997 to the sender of the original EDI message. The problem
>with this solution is that e-mail users, EDIFACT users and proprietary EDI
>users will not want to use an ANSI X12 transaction set for non-repudiation
>of receipt. This will result in multiple solutions for non-repudiation of
>receipt (i.e., one for e-mail, one for X12-based EDI, one for EDIFACT-based
>EDI, etc.).
>
>Another possible interim solution is to use the EDIFACT AUTACK message,
>which was designed to provide non-repudiation of receipt. This is how
>Premenos's Templar product provides non-repudiation of receipt. However,
>this solution has the same problem as the 997-based solution.
>
>
>Bob Lyons
>EDI & Internet Consultant
>Unidex, Inc.
>1-908-975-9877
>boblyons@unidex.com
>EDI Help Desk: http://www.wwa.com/unidex/edi/

Prev by Date: [no subject]
Next by Date: [no subject]
Previous by thread: RE: Non-repudiation of receipt
Next by thread: RE: Secrecy and authentication
Index(es):
- Date
- Thread