[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IETF-PKIX] digitalSignature vs. nonRepudiation

To: IETF-PKIX@xxxxxxxxxxxxxxxx
Subject: Re: [IETF-PKIX] digitalSignature vs. nonRepudiation
From: Russ Housley <housley@xxxxxxxxxx>
Date: Wed, 26 Nov 1997 10:54:27 -0500
In-reply-to: <>
Reply-to: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>

I understand that notary and trusted-timesatmps will be discussed at the
upcoming meeting in Washington.

Russ

At 08:08 PM 11/26/97 +1100, Hamid Homayouni wrote:
>On Wednesday, November 26, 1997 1:25 AM, Russ Housley  wrote:
>> So, when you hand sign a guest register at a wedding, a credit card
>> receipt, and a mortgage, how do you distinguish which needs
>> non-repudiation?  You do not (except that you are forced to use black
>ink).
>>  If the transaction is really important, you get a notary involved, but
>> otherwise the same mechanism is used to provide different services.
>
>That's right, but also remember that there are various degrees of
>importance. I certainly would not get a notary involved in a credit card
>transaction, but I have to and WILL use my signature that is on the back of
>my mag stripe card. Although, I may choose not use that same signature for
>a guest register!
>
>Just out of curiosity, what's the equivalent of a notary in PKI if a CA
>with proper processes, and liability covers, etc is not considered one?
>
>-Hamid
>
>>
>> Russ
>>
>>
>> At 02:20 PM 11/25/97 +1100, Hamid Homayouni wrote:
>> >Similar to Bill, I've not been involved in the discussions that led to
>this
>> >proposal. So please bear with me.
>> >
>> >The technical mechanisms for both digital signature and non-repudiation
>are
>> >the same. The only thing that can enforce non-repudiation is proper
>> >legislation behind it.
>> >At the same time, as a user, I'd prefer to separate my key usage into
>> >"digital signature" for day-to-day I&A use, and "non-repudiation". ie. I
>> >really want to consciously sign something and not get it mixed up with
>my
>> >day-to-day activity of using my I&A keys. Similar to what I actually do
>> >with my normal hand signature. I've one (the short version) that I use
>> >within the office for memos, etc, and one that I use for financial
>> >transactions (ie, I'm consciously accepting a bigger responsibility).
>[...]
>
>> >> >>
>> >> >
>> >> >
>> >> Regards,
>> >>
>> >> Bill Burr
>>
>>
>

References:
- Re: [IETF-PKIX] digitalSignature vs. nonRepudiation
  - From: Hamid Homayouni

Prev by Date: [IETF-PKIX] ASN1 question on PKIX part 1
Next by Date: [IETF-PKIX] Advertisement: Website Hosting
Previous by thread: Re: [IETF-PKIX] digitalSignature vs. nonRepudiation
Next by thread: Re: [IETF-PKIX] digitalSignature vs. nonRepudiation
Index(es):
- Date
- Thread