[3425] in cryptography@c2.net mail archive
RE: IP: State Govt Will Use Datakey Smart Cards
daemon@ATHENA.MIT.EDU (Guthrie, Paul)
Tue Oct 6 14:48:21 1998
From: "Guthrie, Paul" <pguthrie@visa.com>
To: "Arnold G. Reinhold" <reinhold@world.std.com>,
Ed Gerck
<egerck@laser.cps.softex.br>,
Robert Hettinga <rah@shipwright.com>
Cc: cryptography@c2.net, dcsb@ai.mit.edu
Date: Tue, 6 Oct 1998 11:25:28 -0700
Well, I don't want to get into nuances of public key cryptosystems since
that was not the point of the thread (nor do I want to define what the
definition of "is" is :-). However, remember than repudiation is a negative
term by definition, therefor disproof of a negative is not the same as
proving the positive. In other words if someone repudiates a transaction
based on technical terms, and the proof of the validity required the
questioned mathematical certainty which you have pointed out is not there,
then it is unlikely that this on its own would stand. So, that takes one
back to my earlier point that the other types of non-repudiation (policy and
legal) are what should be looked at.
Regards,
Paul
>
> I am not aware of any electronic signature scheme that can disprove
> repudiation with "mathematical
> certainty." All of the algorithms used in public key
> signature schemes that
> I am aware of rely on mathematical assumptions that have
> never been proven.
>
>
> Also all signature schemes rely on the user keeping his or
> her private key
> secret. I don't see how one can prove that no one else knew a
> secret with
> mathematical certainty. While this weakness can be dealt with
> for a regular
> stream of transactions by using tamper resistant smart cards
> and assigning
> some liability to the owner of a key who does not report its
> loss, large
> transactions involving the general public should always
> require additional
> corroboration beyond a single valid electronic signature.
> This might be an
> MPEG of the signing, itself electronically time stamped and
> signed by a
> witnessing notary.
>
