
Re: PKIX-1 key purpose





>
>
> > >  [for ObjectSigning]
> > >
> > >The consistent usage bits should be augmented to include
> > >non-repudiation. There is no less non-repudiable
> > >grade service requirements for signing an interpreted install script,
> > >HTML page, or an exe/dll/class file, than for signing an email.
>
> I think I agree.  My inclination is to reserve "non-repudiation" exclusively
> for keys intended to be interpreted as legally binding upon the signer

I believe a *CA policy* **could** ask a subscriber to conform to such an
obligation when using a private key. There is nothing technically
one can, or should, do to enforce such a semantic, however,
when claiming conforming status to the X.509 standard.

The ISO definition of non-repudiation services is clear; you cannot alter
it in the PKIX-1 technical profile. Under the rules of the third party resolving
repudiation disputes, the crypto evidence must be irrefutable, and, by
implication, the strength of the mechanisms used must be sufficient. It
says nothing about the proof standard being that of one country's
law system or another country's/group's law system. Access to
a PKIX-1 dispute resolution mechanism may, for example, cause
one to agree to cede rights to subsequently contest the same dispute
in court ("mandatory final arbitration, for example, rule set").

We must not build policy into technical standards. Forcing folk
into legal-standards of proof when using a bit signal denies
other legitimate uses of the arbitration mechanism which
are less stringent than legal process, but are nonetheless useful
for perhaps 95% of cases.

Take an example of a competition in which poems are submitted
over S/MIME to Cadbury Chocolate company. Often the rules in the wrapper
will say, the decision of Cadbury judges regarding submission deadlines, or
poem quality, is final. When enrolling for a Cadbury-competition cert
so as to register for the competition, and thereupon agreeing to abide by the
competition rules, the resulting subscriber cert will have the NR bit set, signalling
Cadbury is the third-party final arbiter. No lawyers involved - whatsoever.