Questions tagged [non-repudiation]

Non-repudiation is the ability to prevent an identified individual from repudiating a specific action or communication associated with that individual.

43 questions
66 votes, 9 answers

Proving creation time/date of a screenshot

I have to produce a screenshot of a web page, and want to make sure others will know without any doubt that this screenshot has been produced today. That is, I would like to embed today's date in the screenshot as irrefutable proof the screenshot…
User
54 votes, 5 answers

What is the difference between authenticity and non-repudiation?

I'm new to infosec and doing some reading. Not surprisingly, one starting point was Wikipedia. In this article, authenticity and non-repudiation are listed as 2 separate 'Basic concepts'. My understanding is that you cannot achieve non-repudiation by…
Max
47 votes, 4 answers

How to achieve non-repudiation?

If I have a message that I need to send to another person, how do I achieve non-repudiation? Is digitally signing the message sufficient?
39 votes, 2 answers

How to prove that a file was not created in advance

Sometimes we need to prove that a file was not created in advance - a good example is warrant canaries. The person releasing them may have been forced to sign the file with a future timestamp. For example, AutoCanary uses recent news headlines which…
17 votes, 5 answers

Why does HTTPS not support non-repudiation?

I stumbled into this recently for a specific project I had in mind. I thought HTTPS would prove that a given content actually came from the origin, by having its contents always signed before transfer. But actually, after the initial handshake, all…
rsp
10 votes, 2 answers

When using symmetric key encryption, do we need to sign?

Say we're using a shared key between two parties, that has been distributed using public key encryption, is it still necessary to sign any data that's encrypted using the shared key? Or is it enough to assume that because the shared key was…
9 votes, 3 answers

Is "non-repudiation" automatically proven, given the other three tenets of info security?

Just to say it, the four tenets are: Confidentiality - The message the recipient gets can be proven not to have been read by anyone else since it was encoded. Integrity - The message the recipient gets can be proven not to have been changed since…
KeithS
7 votes, 2 answers

How do I release a self made program without it being tracked back to me?

For clarification, I am looking for the best way to release this program anonymously, not how to remain anonymous and such in general life (that is a different -already answered- question). I've created a program myself not pirated/cracked and…
user63407
6 votes, 2 answers

What security standards and regulations are in place for bank ATM?

Are there any international or US mandated standards and regulations that apply to communications between automatic teller machines and bank's central office? Are banks or ATM operators subjected to periodic audits that include ATM security…
Drew Lex
5 votes, 2 answers

TLS with non-repudiation; what happened with 'TLS Sign'?

TLS Sign was proposed as an IETF Draft in June 2007. I have not found further information, besides that the draft expired in November 2007. Can someone tell me what happened with this extension or can someone point me to an extension, or a mechanism…
codebold
5 votes, 4 answers

Non-repudiation in Exchange/Outlook without Digital Signatures

Scenario: Acme Corp. needs to collect evidence to support their side of a case in court. Part of this evidence may include e-mail messages. Certain employees who do not have administrative access to the e-mail server, but may have administrative…
Iszi
5 votes, 2 answers

Difference between non-repudiation and plausible deniability

I've read in some books the 'goals of information security', which includes non-repudiation. My understanding of non-repudiation is that if Alice sends a message to Bob, Bob is not only convinced that the message came from Alice but he can also…
4 votes, 4 answers

Are there any reasons to add a payload signature to a REST API with mutual TLS?

We have a B2B REST API with Client Certificate authentication. Are there any reasons to add also a payload signature check to this API? I'm seeing many service providers which add a digital signature payload parameter to their API. Having already a…
4 votes, 3 answers

How can HelloSign be secure without any authentication?

[Note: This is not a duplicate of Are documents truly "signed" by DocuSign?. That page does not have an answer to the specific question I am asking in the final paragraph, below. This page, however, does. Hence, not a duplicate.] HelloTech has a…
Bill_Stewart
4 votes, 2 answers

Does SSL/TLS provide non-repudiation service?

I understand that SSL/TLS provides confidentiality and integrity. But does it provide non-repudiation? I read in one book it does not. But I wonder why? What does it mean? If it means Alice can repudiate she holds that public-key? Then, TLS…
user2192774