RE: Signing before Encryption and Signing after Encryption



You're right, there's the entire additional dimension of tying
the private key to the entity it is supposed to represent. That's
not part of the encryption, but it's a necessary part of the
legality. I find it far too easy to get caught up in the
technical aspects....

David Gillett


-----Original Message-----
From: Craig Wright [mailto:cwright@xxxxxxxxxxxxx]
Sent: Wednesday, March 22, 2006 1:53 PM
To: gillettdavid@xxxxxxxx; shyaam@xxxxxxxxx;
security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Signing before Encryption and Signing after Encryption


Hi David,
Non-repudiation has different requirements in different legal
jurisdictions.

There needs to be a manner to verify the keys (i.e. PKI). I
can get a VeriSign certificate calling myself Bill Gates.
This does not mean for the purpose of legal contractual
negotiations that I am Bill Gates. I could sign an email as
such though.

For non-repudiation to work, there needs to be an attestation
by the operator of the certificate authority.


The following are some guidelines for non-repudiation, based
on locality of course:
Australia: National Electronic Authentication Council,
Liability and other Legal Issues in the Use of PKI Digital
Certificates (May 2002).

EC: Directive 1999/93/EC of the European Parliament and of
the Council

Austria: Signature Law, 2000

England, Scotland and Wales: Electronic Communications Act, 2000

Germany: Signature Law, 2001

Sweden: Qualified Electronic Signatures Act (SFS 2000:832)
(in Swedish).

India: Information Technology Act, 2000

New Zealand: Electronic Transactions Act, 2003 sections 22-24

USA: Electronic Signatures in Global and National Commerce
Act (E-SIGN), at 15 U.S.C. 7001 et seq

Switzerland: Federal Law on Certification Services Concerning the
Electronic Signature, 2003


To take a quote from the English Ministry associated with
Digital Signature law:
"A private key authenticated by a digital certificate
generated within a PKI can be considered as the electronic
equivalent of a passport. Both establish identities for
persons who have met the requisite identity checks. The
community accepts the validity of the holder's identity
because it trusts the issuer. The identity can be used to
authenticate the holder in subsequent transactions without
directly involving the issuer."

Web of trust models such as PGP can result in a signature,
but the issue of non-repudiation is not fulfilled in that the
issuer cannot be held to account separately (as it is a
self-signed certificate).

In situations where the parties have had prior dealings, it
may be possible to verify the owner of the public key; for
example, at a personal meeting, parties may exchange public
keys on floppy disks (e.g. key signing parties). However, if
the parties are unknown to each other, and perhaps in
different jurisdictions, the requisite level of confidence is
not present. The solution to this lies in the public key
infrastructure and is governed by different levels of trust.


Regards
Craig

-----Original Message-----
From: David Gillett [mailto:gillettdavid@xxxxxxxx]
Sent: 23 March 2006 8:24
To: Craig Wright; shyaam@xxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Signing before Encryption and Signing after Encryption

Does non-repudiation require anything more than assurance
that the private key (a) MUST have been used, and (b) HASN'T
been compromised?
Are you just alluding to the measures which support those
assertions, or to some additional requirement(s) that escapes me?

[If your private key isn't really private, all bets are off.]

David Gillett


-----Original Message-----
From: Craig Wright [mailto:cwright@xxxxxxxxxxxxx]
Sent: Wednesday, March 22, 2006 12:56 PM
To: gillettdavid@xxxxxxxx; shyaam@xxxxxxxxx;
security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Signing before Encryption and Signing after Encryption




True, but the argument was not one as to which is the better method.
There are several secure hashing algorithms.

Further, there is more to verification to source than just asymmetric
keys. Non-repudiation is a complex field in itself and requires an
entire range of associated infrastructure.


Regards
Craig


