sme...@gmu.edu (Seymour J Metz) writes:
> The proper way to provide encryption and non-repudiation is to have
> two key pairs. You sign a message using your private key. People
> wanting to send you encrypted data encrypt using your public key. So
> if foo wants to send bar a signed encrypted document, foo double
> encrypts it with foo's private key and bar's public key.
I got into the middle of this in NIST, US and ISO financial standards bodies. Crypto non-repudiation can show it came from your machine. The crypto companies wanted to move up the value stream to claim that non-repudiation was in the legal sense of read, understood, agreed, approved, and/or authorized something ... so they could charge more for the crypto ... however, we showed that crypto "non-repudiation" in no way satisfied the legal/business requirements (just that it was sent from your machine).

We were also brought in to help wordsmith some Cal. state legislation ... at the time they were working on electronic signature, data breach notification and opt-in personal information sharing. The "digital certificate" companies were lobbying that the electronic signature legislation mandate digital certificates (obtained at high price from them; at the time they were hawking $20B/annum business plans on Wall Street where every person would have a digital certificate at $100/year) ... for use with "digital signatures" ... as somehow being equivalent to "human signatures" (and apply to non-repudiation). They didn't get their way.

--
virtualization experience starting Jan1968, online at home since Mar1970