Re: ** Statement Summary #7 - Final
Hi Carl,
> The list has the following statement:
>>06 REQUIREMENT - AUTHENTICATION - The receiver of an EDI message can be
>>assured that the purported original signatory of the message is the entity
>>that actually sent (?) the message.
> and Carl comments:
>All digital signatures provide both authentication, non-repudiation
>of origin, and integrity.
I think you are oversimplifying this, or assuming that public keys are used.
You can provide integrity and authentication of origin without providing
non-repudiation of origin, by using DES (Data Encryption Standard) Secret key
to encrypt the token. That does not constitute a signature. Why would you do
that? Because DES is a simple-to-implement, free, fast algorithm, keys are
trivial to generate, and you don't need a supporting infrastructure (just
exchange a secret key with each trading partner). And it has never been
broken, which is more than can be said for the private key approaches (the
Internet was used to factor a large public key into its two prime numbers in
just seven months, or less--I forget).
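
The distinction drawn in this message, as an added example that is not part of the original post: a token keyed with a shared secret gives the receiver integrity and origin authentication, but because the receiver holds the same key it can produce an equally valid token, so the token proves nothing to a third party. The sketch uses HMAC-SHA256 from Python's standard library in place of the DES-based token the message describes; the function names and the sample EDI text are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_token(shared_key: bytes, message: bytes) -> bytes:
    """Keyed integrity token; anyone holding shared_key can compute it."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def verify_token(shared_key: bytes, message: bytes, token: bytes) -> bool:
    """Constant-time check that the token matches the message under shared_key."""
    return hmac.compare_digest(make_token(shared_key, message), token)


def demo() -> dict:
    # Secret exchanged out of band between two trading partners (constructed).
    key = secrets.token_bytes(32)
    sent = b"PO 4711: 100 units"        # constructed sample message
    altered = b"PO 4711: 900 units"     # constructed sample message

    token = make_token(key, sent)       # computed by the sender

    results = {
        # Receiver: the message came from someone holding the shared key.
        "authentic": verify_token(key, sent, token),
        # Receiver: any change to the message invalidates the token.
        "tamper_detected": not verify_token(key, altered, token),
        # A party without the key cannot produce an acceptable token.
        "outsider_rejected": not verify_token(
            key, sent, make_token(secrets.token_bytes(32), sent)
        ),
    }

    # The receiver also holds the key, so it can token any text it likes.
    # An arbitrator sees a token that verifies exactly like the sender's,
    # which is why this provides no non-repudiation of origin.
    receiver_made = make_token(key, altered)
    results["receiver_token_verifies"] = verify_token(key, altered, receiver_made)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
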