[3422] in cryptography@c2.net mail archive
RE: IP: State Govt Will Use Datakey Smart Cards
daemon@ATHENA.MIT.EDU (Guthrie, Paul)
Tue Oct 6 14:20:24 1998
From: "Guthrie, Paul" <pguthrie@visa.com>
To: Ed Gerck <egerck@laser.cps.softex.br>, Robert Hettinga <rah@shipwright.com>
Cc: cryptography@c2.net, dcsb@ai.mit.edu
Date: Tue, 6 Oct 1998 08:14:10 -0700
I do like Ed's breakdown of non-repudiation, but would like to add the
following view:
Technical repudiation (can repudiation be disproven with mathematical certainty)
Policy based repudiation (what are the payment system rules in case of value transfer and these may be agreed to contractually by some or all parties)
Legal repudiation (what are the laws of all applicable jurisdictions)
In most cases, the policy based repudiation takes both legal and technical
into account to convey "the way it is", but in general, all of these work
together (as an example policy based non-repudiation holds unless legal
supersedes but that can be challenged by a case using the technical).
Where I am going with this is I am always slightly amused by technical
companies asserting non-repudiation capabilities because often that has no
real impact, especially in the US with (currently) spotty dig sig
legislation, plus of course Reg E and Reg Z specifying real repudiation
rights for electronic payments.
Finally, though, I do believe (beyond the marketing hype) that Datakey has
both sound and well-designed products from what I've seen.
Regards,
Paul
> -----Original Message-----
> From: Ed Gerck [mailto:egerck@laser.cps.softex.br]
> Sent: Monday, October 05, 1998 9:55 AM
> To: Robert Hettinga
> Cc: cryptography@c2.net; dcsb@ai.mit.edu
> Subject: Re: IP: State Govt Will Use Datakey Smart Cards
>
>
> On Mon, 5 Oct 1998, Robert Hettinga wrote:
>
> >
> >State Government Agency Will Use Datakey Smart Cards
> >
> > MINNEAPOLIS, Sept. 30 /PRNewswire/ -- Datakey, Inc. (Nasdaq: DKEY), a
> >Minneapolis-based provider of information security systems, announced the
>
> >..
> > The Datakey smart card stores digital certificates, generates the
> >public key pair used for the digital signature and performs the digital
> >signature function. Utilization of the Datakey smart card provides true
> >digital signature non-repudiation and portability of digital credentials.
> >
> >Web Site: http://www.datakey.com
>
>
> I repeat: Datakey claims they provide "true digital signature
> non-repudiation".
>
> Well, non-repudiation has:
>
> 1. syntactic form (Is the signature yours?),
>
> 2. semantic form (Did you understand what you were signing?),
>
> 3. trust form (Did you yourself willfully sign it?),
>
> 4. identification form (Are you who you claim to be?),
>
> 5. temporal form (when did you sign it?),
>
> 6. local form (where did you sign it?),
>
> etc.
>
> Can you comment since you are reporting on it, or someone else could
> perhaps comment, what exactly Datakey means when they use the word
> "true" regarding non-repudiation? Is it "true" as "fully realized"
> (exemplified by "dreams come true"), or as "narrow" (exemplified by
> "in the truest sense")?
>
> Of course, they cannot mean just syntactic non-repudiation -- which is
> easily repudiated, for example by direct "loss", "fire", "accident",
> etc.
>
> I wonder what it could be then, for a smart-card. And, I wonder how
> Channel CAs (TM) would do if such claim is repudiated.
>
>
> Cheers,
>
> Ed Gerck
> ______________________________________________________________________
> Dr.rer.nat. E. Gerck egerck@novaware.cps.softex.br
> http://novaware.cps.softex.br