[8907] in cryptography@c2.net mail archive
Re: crypto flaw in secure mail standards
daemon@ATHENA.MIT.EDU (Ian BROWN)
Mon Jun 25 11:32:41 2001
To: cryptography <cryptography@wasabisystems.com>
In-reply-to: Your message of "Mon, 25 Jun 2001 10:47:40 +0800." <044401c0fd21$4018f760$0200000a@fechk.local>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 25 Jun 2001 11:25:18 +0100
Message-ID: <572.993464718@cs.ucl.ac.uk>
From: Ian BROWN <I.Brown@cs.ucl.ac.uk>
Greg Broiles wrote:
>The digital signature laws I've seen don't mention and don't support the
>notion of "non-repudiation", which seems to be an obsession among computer
>security people and a non-issue among legal people.
Unfortunately, a lot of legal people have been convinced by the notion.
The UK's law implementing the EU's digital signature directive allows
the burden of proof to be shifted so that the "signer" of a message has to
prove they did NOT make it; the opposite to the physical signature situation.
Many British banks' online terms and conditions say that customers are liable for any
instructions authenticated by their password before it's revoked, never mind a digital signature.
Lots more info at:
Nicholas Bohm, Ian Brown and Brian Gladman. Electronic commerce: who carries the risk
of fraud? Journal of Information, Law and Technology, October 2000
http://elj.warwick.ac.uk/jilt/00-3/bohm.html
Jane K. Winn. The Emperor's new clothes: the shocking truth about digital
signatures and Internet commerce.
http://www.smu.edu/~jwinn/shocking-truth.htm
--
"Personal privacy was a transient state, starting when people no longer believed that God could see everything, and ending when governments decided they must fill the vacuum thus created." --Roger Needham
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
