[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: non-repudiation, was Re: proposed key usage text

To: Ed Gerck <egerck@xxxxxxx>, ietf-pkix@xxxxxxx
Subject: RE: non-repudiation, was Re: proposed key usage text
From: Peter Williams <peterw@xxxxxxxxxxxx>
Date: Fri, 3 Dec 1999 12:54:12 -0800

http://europa.eu.int/comm/dg15/en/media/sign/elecsignen.pdf

to get the benefits of QC, providers must use
"durable means of [electronic] communication" to bind 
subscribers to governing terms and conditions concerning the
use of certs.

Is an SSL-server protocol session, using
NON-signature-based data origin authentication,
sufficient to act as a "durable means of communication",
as it is used in Thawte/VeriSign CA world today
to perform the binding of users to CPS-agreements?

If it is, then "encryption-based" authentication **underpins**
QC-grade, "signature-based" authentication and NR services.

If encryption-based authentication is sufficient 
for this "durable" communciation purpose, why is it not sufficient
for durable "authentication of communications" in 
general?

If it can enable the contract which makes a QC-cert reliable,
why cannot it enable other contract regimes!?

Perhaps, what we need is the "durable communications" 
assertion bit.

Binding NR to asymmetric signatures is just a bad idea, in 
my view. Its pretty clear to me that the EC directive will
accept a SSL server-generated, certificate-supported,
key exchange blob-set as one or more admissable and effective
electronic signature(s), just as it would an asymmetric 
signature blob.

You may have got the NR defn off of the NSA-aberism of
time-dependent, not evidence-dependent semantics, but its
still linked to asymmetric signatures, and thus
at odds with the technology-neutral regulatory 
frameworks.

> -----Original Message-----
> From: Ed Gerck [mailto:egerck@nma.com]
> Sent: Tuesday, November 30, 1999 11:04 AM
> To: Peter Williams; ietf-pkix@imc.org
> Subject: Re: non-repudiation, was Re: proposed key usage text
> 
> 
> Peter:
> 
> Thanks for the useful links, including patents.  The topic
> extension seems to be off-charter for PKIX -- though one may
> expect that other standards and references may realign
> themselves with PKIX, but this is on their turf.  What could
> be done here was IMO done to a large extent -- to clear the
> PKIX discourse and to make NR useful and distinguished
> from authentication, while reducing its potentially misleading
> aspects.  Especially useful was to clarify that NR has nothing
> to do with "willful intent", it has to do with evidences.  So,  this
> WG has now a rather objective  agreement (if one also includes
> the archives, for context) on NR and work can go on until this
> agreement is again challenged by facts.  Until then, I am happy
> to pursue this discussion in private or in other technical fora
> such as the MCG -- in particular on modeling NR as a "modus
> tolens" logical affirmation in modal logic.
> 
> Cheers,
> 
> Ed Gerck
> 
>

Follow-Ups:
- Re: non-repudiation, was Re: proposed key usage text
  - From: Ed Gerck

Prev by Date: Re: unqualified topic - not solved yet.
Next by Date: RE: Certificates with DSA keys
Previous by thread: Re: non-repudiation, was Re: proposed key usage text
Next by thread: Re: non-repudiation, was Re: proposed key usage text
Index(es):
- Date
- Thread