[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ** Statement Summary #7 - Final
> The list has the following statement:
>>06 REQUIREMENT - AUTHENTICATION - The receiver of an EDI message can be
>>assured that the purported original signatory of the message is the entity
>>that actually sent (?) the message.
> and Carl comments:
>All digital signatures provide both authentication, non-repudiation
>of origin, and integrity.
I think you are oversimplifying this, or assuming that public keys are used.
You can provide integrity and authentication of origin without providing
non-repudiation of origin, by using DES (Data Encryption Standard) Secret key
to encrypt the token. That does not constitute a signature. Why would you do
that? Because DES is simple to implement, free, fast algorithm, keys are
trivial to generate, and you don't need a supporting infrastructure (just
exchange a secret key with each trading partner). And it has never been
broken, which is more than can be said for the private key approaches (the
Internet was used to factor a large public key into its two prime numbers in
just seven months, or less--I forget).