Elaborate and clarify the technical NR service definition

[tgindin@xxxxxxxxxx]

     In the interest of clarifying the discussion over what the NR bit is good
for, I am preparing an Internet-Draft on the requirements of the technical NR
service.  I have had some encouragement on this, although this is my personal
responsibility and does not necessarily represent the views of my employer or of
those who think such a draft would be helpful.  The scope of this draft will be
limited to the technical requirements of NR and deliberately exclude
considerations of what is necessary for the execution of a legal contract.  I
hope that many of the participants in this discussion will be willing to help
clarify or debate the requirements in this posting.
     To give an idea of what the draft will and will not cover, here is my
paragraph on scope, which is mainly a set of limitations:
     The technical nonRepudiation service (hereinafter NR service) is expected
to provide evidence that a given object was signed by the possessor of a given
valid certificate.  It is not anticipated that the use of the NR service will
ordinarily constitute execution of a contract, or acceptance of any other legal
obligation.  It is anticipated that the use of this service in accepting legal
obligations will be the subject of legislation or judicial decision in various
jurisdictions, which are likely to lay additional technical burdens upon the
provision of such a service to such an extent as to constitute another, larger
service which need not be the same in all jurisdictions.  It is outside the
scope of the definition of this service to provide evidence that the signer and
the holder of the signing certificate are the same, that the signer has been
adequately informed of the content which is signed, that the signer is not
acting under duress, etc.

          Tom Gindin