Re: SSL and non-repudiation (WARNING: contains product plug)

Wed, 24 Nov 1999 14:17:39 -0800 




<mini-advert>

To address the non-repudiation / SSL issue
We at Celo developed, over the OpenSSL libs, a web browser plugin
that allows a web content author to 'demand' that a user digitally sign
(using pkcs7/smime)
some data pushed out from a web server.

It is envoked by standard plugin activation <embed> tag.
The server then gets back via HTTPS POST an s/mime package of the
signed data for verification and (optionally) storage for later
non-repudiation.

Both software based certificates and a number of smartcard readers /
smart cards are supported.
We're supporting both IE and netscape.

The majority of current customers are using this to get their customers
to confirm/sign transactions passed through html forms.

See http://www.celocom.ie for details and a download that one can try
against a test server we run.

</mini-advert>

Regards,
Neil Costigan









Nicolas Aragon wrote:
> 
> Hello,
> 
> > > Is this right, and if yes, is there a way within SSL (openssl) to
> > > provide non-repudiation?
> > It sounds right to me, and certainly SSL was not intended to provide
> > non-repudiation as a service. I'd say, therefore, that if you want
> > non-repudiation, you'd need to add it on top of SSL.
> 
> I have a similar problem as Maurice. And I guess that what he's
> asking isn't exactly if SSL provides non-repudiation, but if
> openssl provides library calls that could help us to implement
> it, and if we can use the same keys. I'm outside USA, if it helps.
> 
> Provided openssl is meant to be deployed to the clients, it'd
> be great if we don't need to add yet another lib... in our
> case, certificates will be stored in "smart cards", that
> alse requires some config, and (end users + long installations)
> uses to be an explosive cocktail :-(
> 
> Thanks in advance,
> 
>   Nico
> 
> --
> Nicolás Aragón
> [EMAIL PROTECTED]
> Departamento de Proyectos Avanzados
> Software AG Spain
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to