
Re: PGP - non-nonrepudiation



On Fri, 5 Feb 1999, Black Unicorn wrote:
>Not a bad idea, maybe, if there were no requirement for non-repudiation by
>the receiving party.  (And if there isn't, then what's the point of this
>solution?)  Falling back on a solution which requires a trusted server which
>is still operated by the party which may later wish to present self serving
>evidence to support itself in a suit is just a mistake.
>
>Take the example of a brokerage which needs to incontrovertibly prove a
>client (or a client's key) ordered a given transaction.  How will the above
>help?  Clearly, it won't.  The bottom line is that in the mad rush to
>implement "one pass" functionality PGP dropped the ball by killing this very
>important functionality.
>
>An enterprise cannot now archive mail which can later be searched by keyword
>in the message body and still be verifiable ex post with respect to origin
>and message integrity.

They could archive both the original message and the processed copy then
tie the two together using the SMTP Message-Id or a locally generated
substitute.

-- 
 Anthony E. Greene <agreene@xxxxxxxxx>
 Homepage & PGP Key <http://www.pobox.com/~agreene/>
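
A sketch of the pairing suggested in the reply above, added here as an illustration and not taken from the original thread: the untouched message (signature intact) and the searchable processed copy share one link key, the Message-Id or a locally generated substitute. The class name, the SHA-256 digest binding, and the sample message are assumptions made for this example; the signature check itself is left to the PGP tool run over the returned bytes.

```python
import email
import hashlib
import uuid
from email import policy

class PairedArchive:
    """Stores the original exactly as received beside its searchable copy."""

    def __init__(self):
        self.originals = {}  # link id -> raw bytes, never modified
        self.processed = {}  # link id -> (sha256 of original, plaintext)

    def store(self, raw: bytes, plaintext: str) -> str:
        msg = email.message_from_bytes(raw, policy=policy.default)
        link = str(msg["Message-ID"] or "").strip()
        if not link or link in self.originals:
            # Missing or colliding Message-Id: locally generated substitute.
            link = f"<{uuid.uuid4().hex}@archive.invalid>"
        self.originals[link] = raw
        self.processed[link] = (hashlib.sha256(raw).hexdigest(), plaintext)
        return link

    def search(self, keyword: str) -> list:
        """Keyword search runs over the processed copies only."""
        kw = keyword.lower()
        return [k for k, (_, body) in self.processed.items() if kw in body.lower()]

    def original_for(self, link: str) -> bytes:
        """Return the original bytes for ex post signature verification."""
        raw = self.originals[link]
        digest, _ = self.processed[link]
        if hashlib.sha256(raw).hexdigest() != digest:
            raise ValueError("original no longer matches the digest recorded at archive time")
        return raw

# Constructed sample: the body is a placeholder, not real PGP output.
SAMPLE_RAW = (
    b"From: client@client.example\r\n"
    b"Message-ID: <order-1@client.example>\r\n"
    b"Subject: order\r\n\r\n"
    b"[constructed placeholder for the encrypted and signed payload]\r\n"
)
SAMPLE_PLAINTEXT = "Buy 100 shares of EXAMPLE at market."  # output of the decryption step

if __name__ == "__main__":
    archive = PairedArchive()
    key = archive.store(SAMPLE_RAW, SAMPLE_PLAINTEXT)
    for hit in archive.search("shares"):
        print(hit, len(archive.original_for(hit)), "bytes to hand to the verifier")
```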