[7646] in cryptography@c2.net mail archive
Re: Non-Repudiation in the Digital Environment (was Re: First
daemon@ATHENA.MIT.EDU (Ed Gerck)
Wed Aug 9 18:53:13 2000
Message-ID: <3991DA08.38E49E25@nma.com>
Date: Wed, 09 Aug 2000 15:24:09 -0700
From: Ed Gerck <egerck@nma.com>
MIME-Version: 1.0
To: Eric Murray <ericm@lne.com>
Cc: Derek Atkins <warlord@MIT.EDU>, Ian BROWN <I.Brown@cs.ucl.ac.uk>,
"R. A. Hettinga" <rah@shipwright.com>,
Digital Bearer Settlement List <dbs@philodox.com>, dcsb@ai.mit.edu,
cryptography@c2.net, cypherpunks@cyberpass.net,
AMcCullagh@exchange.gadens.com.au
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
The paper's conclusions are:
1. "This paper demonstrates that the deployment of a trusted computing system for digital signatures is the only secure option,"
Comment: this is a tautology, for which no demonstration is necessary and is not even in question.
The question is how to make it happen in the real world, where a trusted computer system might be
only the ones that are turned off and buried underground.
2. "resulting in a legal position where the onus of proof for the electronic environment is equivalent
to the paper-based environment."
Comment: I want to say -- Gimme a break! Everyone knows that paper-based environments are
not golden standards for security. Why have banks moved and are moving more and more
a w a y from paper? Why are paper badges only to be found with dodos?
3. "If a trusted computing system is used to affect a digital signature, then and only then
can the onus of proof lie with the recipient in the same manner that exits in the paper-based
world."
Comment: this is a non sequitur. And, as everyone knows, the onus of proof lies always on you ;-)
When push comes to shove, if you can prove you did sign the insurance policy before the quake because there is (for example) a digital timestamp that can be verified, the recipient may say whatever
it wishes.
4. " Without a trusted computing system, neither party - the signer or the recipient - is in a
position to produce the necessary evidence to prove their respective case."
Comment: Give me trust so that I can use it, is the message here. Trust, however, is earned.
To produce the necessary evidence, either party may need to use another system. Volkswagen
AG is a trusted and known company and yet this did not prevent them from encroaching into
GM's intelectual property and actually using it, which later on caused (in 1998) VW to pay a
fine of US$ 1.1 billion (yes, billion). We find in security work that trust is oftentimes a question
of the extent to which that trust finds itself stressed to until it fails when a limit is reached. For
VW, that was their limit.
5. "Hence the implementation of a trusted computing system will allow for a balance between the two environments."
Comment: The authors seem to believe that trusted computing systems arrive by mail order
catalogues. No, someone needs to say that they are simply abstractions -- useful, but
abstractions. If I trust a computer system before I know that my competitor trusts it,
will it make a difference that my competitor now trusts it? Yes, as we see everyday.
I do not want to give the article a dismissive treatment, because it does have some useful
comments, but the glaring mistakes and omissions also in the legal part make it IMO a difficult
read. I was somehow expecting a better take from Adrian. I guess the article is simply not
non-repudiable ;-)
Cheers,
Ed Gerck
