Security Basics mailing list archives
Re: RE: Proving non-repudiation in e-Commerce App
From: bitshield () gmail com
Date: 2 Jun 2006 11:19:39 -0000
Hi Craig,

thanks for your in-depth explanation. You are right, the term "prove" is too strong. I want to be able to say to the customer: "Yes, your system implements non-repudiation on a best-practice basis. Whenever there are problems, you have a good chance of taking legal action."

What does this actually mean? I want to illuminate each component (as you said) of the application. To do that I have to know how one implements proper non-repudiation. For example: what does the application log have to look like? I guess the log will be an important part, where you can trace and back up the transactions. What does a log entry look like, to prove that it couldn't be altered by the sysadmin or by a hacker?

Every action triggered by the client should somehow be signed using the client's private key and then stored in a DB or a log file. I think such a solution would implement non-repudiation.

What do you guys think? Are there other or better practices? I'm looking for applied practices.

Thanks
Joe
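An added illustration of the scheme the message proposes (not part of the original post, nor code from anyone in the thread): each action is signed by the client and stored in a hash-chained log, so an edit by someone with database access fails verification. All names are hypothetical; it assumes one chain per client, with the server telling the client the current head hash before it signs, and it uses a toy textbook-RSA key as a standard-library stand-in for a real signature scheme.

```python
import hashlib, json

# Constructed toy RSA key from two public Mersenne primes (stdlib only, NOT secure).
# In practice: Ed25519 or RSA-PSS from a vetted library, D held only by the client.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
GENESIS = "00" * 32
SIGNED = ("seq", "prev", "client", "action")   # fields the client signs

def digest(obj) -> bytes:
    # SHA-256 over a canonical (sorted-key) JSON encoding
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest()

def client_sign(body: dict) -> int:
    """Runs on the client: textbook RSA over the body digest (toy)."""
    return pow(int.from_bytes(digest(body), "big"), D, N)

def signature_ok(body: dict, sig: int) -> bool:
    """Runs anywhere: needs only the public values E and N."""
    return pow(sig, E, N) == int.from_bytes(digest(body), "big")

def seal(entry: dict) -> str:
    """Hash of the signed fields plus the signature; the next entry's 'prev'."""
    return digest({k: entry[k] for k in SIGNED + ("sig",)}).hex()

def append(log: list, client: str, action: str) -> None:
    prev = log[-1]["entry_hash"] if log else GENESIS
    body = {"seq": len(log), "prev": prev, "client": client, "action": action}
    entry = {**body, "sig": client_sign(body)}
    entry["entry_hash"] = seal(entry)
    log.append(entry)

def first_bad_entry(log: list):
    """Index of the first entry that fails verification, or None if all pass."""
    prev = GENESIS
    for i, e in enumerate(log):
        body = {k: e[k] for k in SIGNED}
        if (e["seq"] != i or e["prev"] != prev or e["entry_hash"] != seal(e)
                or not signature_ok(body, e["sig"])):
            return i
        prev = e["entry_hash"]
    return None

def demo():
    log = []
    for a in ("order 3x item-17", "pay 59.90 EUR", "confirm order"):
        append(log, "joe", a)                    # constructed sample actions
    clean = first_bad_entry(log)
    log[1]["action"] = "pay 5.90 EUR"            # admin rewrites a stored entry
    log[1]["entry_hash"] = seal(log[1])          # ...and recomputes its hash
    return clean, first_bad_entry(log)
```

The chain does not by itself reveal removal of the newest entries; the latest `entry_hash` has to be kept somewhere the administrator cannot rewrite, such as a receipt returned to the client.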