
Re: Definition of technical non-repudiation, was Re: NR -- what the real issues are, and a proposal




Aram Perez wrote:

> Hi Ed,
>
> [snip]
> >
> > In a purely technical way, I agree with the definition of Menezes et al.
> > in the HAC and I recently quoted it in an email to this WG [snipped]:
> >
> > begin quote----------------------------------------------------------
> > Subject:  Re: Is this non-repudiation or NR, and why?
> > Date: Thu, 19 Aug 1999 16:52:42 -0700
> > From:  Ed Gerck <egerck@nma.com>
> > ...
> >
> > To contrast, compare with Menezes et al., in HAC, page 3:
> >
> > "non-repudiation: preventing the denial of previous commitments or actions"
> >
> > which is both legally and technically possible (as a function of how it
> > is done) and is in accord with the name -- non-repudiation. Note that
> > there is no mention of intent.
> > ....
> > end quote------------------------------------------------------------
>
> I have problems with "preventing the denial". You can not prevent me from
> denying anything. All you can do is disprove my denial. So I don't think
> this is a definition of "technical non-repudiation".

But there are several ways to prevent denial, both technically and legally,
so I must take issue.  In the interest of dialogue, I need to point out first
that there is often a confusion between "non-repudiation proof" and
"repudiation of a proof" (copied from one of my previous msgs):

 Non-repudiation provides for means (e.g., a contract) which
 preempts repudiation claims if certain criteria are met.  However,
 non-repudiation can be repudiated either by disproving assumptions
 supposed to exist (e.g., that the contract is legal) or by proving acts
 supposed to be absent (e.g., a tort).  Aside from these two possibilities,
 non-repudiation can be enforced according to the criteria agreed
 to in the contract and cannot be repudiated, hence its name.

The same applies technically, where the assumptions supposed to exist
are modeled in the "trusted context" (hardware, software, etc.)
and the acts supposed to be absent are modeled in the "risk factors"
(virus, software error, etc.).  Thus, if what is described in "risk" does not
occur and what is described in "trust" occurs, then the act is non-repudiable
for a previous act that is in accord with those trust and risk models -- the system
has successfully prevented the denial of a previous act.

Second, the impeding problem with "later" in the wording used in PKIX NR, which
is open-ended -- later, when? In five years or in 35 years as German law mandates
for business documents?  When the time arrow is reversed and we look into the past,
then this question is *simple* to answer -- because we know the current time where
non-repudiation is being warranted and we know when that event DID happen.
So, when we say that "a non-repudiation system prevents the denial of previous
acts" -- we are saying it about known acts and known time.  Thus, the two
time views are not equivalent at all.

For example, I grant non-repudiation of my signature to a bank in a check -- but
I grant it so that the bank can prevent my denial of checks I previously signed, not
so that the bank can prevent my later denial of checks.  In fact, I can sucessfully
denial any number of checks to the bank *after* I tell the bank my signature is no
longer valid.  So, I can *always* deny later acts, though I may not always deny
previous acts.

Last, note that "false denial" or "falsely denying" is NOT present in the
definition by Menezes, which is a problem (either as intent or as pre-defined
logical state) in the current PKIX definition.

Cheers,

Ed Gerck