non-repudiation, was Re: proposed key usage text
Stefan Santesson wrote:
> In fact we know rather well, up to a certain level, what NR means.
>
> NR is defined in X.509 as:
>
> Non-repudiation: This service provides proof of the integrity and origin of
> data both in an unforgeable relationship which can be verified by any third
> party at any time.
This definition is wrong, as well as the consequences derived from it. Compare
with the technical definition of Menezes in Handbook of Applied
Cryptography (cf.):
Non-repudiation: a service that prevents the denial of a previous act.
and we may agree that the definition in X.509 is just a round-about way
of defining *strong authentication* -- where authentication affirms the
truth of an act (which can be verified by any third party at any time).
Quite different logic, as non-repudiation denies the falsity of an act --
and, thus, prevents the denial of the act. Both are equal if and only if
the proposition is boolean, which is almost never the case in security
(where propositions are not atomic, and are multivalued).
So, confusing non-repudiation with "authentication", or
"strong authentication", or "non-ephemeral authentication"
and thus actually vacating the concept of non-repudiation
will not go very far. It leaves non-repudiation undefined
though still needed.
In other words, to rename or to forget a problem is not a
solution to the problem ... at least, technically ;-)
Cheers,
Ed Gerck