Re: [IETF-PKIX] digitalSignature vs. nonRepudiation

[mfsmith2@xxxxxxxxxxxxx]

I agree in setting both if the CA issuing the cert is issuing it for more
than just I&A, as would/should most commercial CAs such as banks or
merchants.

I also believe that, because the options are in the extension, a lawyer
could argue against non-repudiation if it is not set, even though the
re;liant party knows who signed something and that what was signed has not
been altered since signing.

If someone were contesting (attempting to repudiate) a signed agreement
because non-repudiation was not set, then that would probably go in front of
a court fro final arbitration.  If they both were set, then that reason is
at least eliminated.

michael


-----Original Message-----
From: Simonetti David <simonetti_david@bah.com>
To: ietf-pkix@tandem.com <ietf-pkix@tandem.com>
Date: Monday, November 17, 1997 1:45 PM
Subject: digitalSignature vs. nonRepudiation


>I am attempting to implement the key usages as defined for the keyUsage
>extension.  I am stumbling upon digitalSignature and nonRepudiation.
>
>I define the key usage digitalSignature as a public key which affords
>the services of authentication and data integrity.
>
>Of course, nonRepudiation affords the service of non-repudiation.
>
>My question is, with only nonRepudiation set (and not digitalSignature),
>is it true that my public key can be used only to provide the service of
>non-repudiation, and NOT the services of authentication and data
>integrity?  If this is true, I'm curious to know how this is
>implemented.
>
>I claim that if the nonRepudiation bit is set, that I can use that key
>to implement authentication and data integrity, and also claim
>nonRepudiation of the originator.  Since authentication and data
>integrity are services provided under digitalSignature, I believe that
>when nonRepudiation is set, digitalSignature should also be set.
>
>I'd like to hear agreements or disagreements with my line of reasoning.
>
>Dave Simonetti
>
>