Questions tagged [non-repudiation]
Non-repudiation is the ability to prevent an identified individual from repudiating a specific action or communication associated with that individual.
44 questions
1 vote
0 answers
68 views
Improve non-repudiation implementation for electronic signatures
Our company provides software to small businesses and includes an electronic signature system for them to let their customers sign agreements/documents online. The current system's claims to non-...
- 111
-1 votes
2 answers
696 views
How to check the authenticity of an outlook email attachment (.msg)?
let's say that someone sends me a business email on Microsoft outlook 365. I save the email as an attachment (email.msg) How a third person can make sure that the email attachment is not edited (...
1 vote
3 answers
247 views
Verifiable alternative to screenshots for web browsers
Screenshots are generally held to be dubious evidence when presented in court because they are susceptible to alteration, especially when it comes to pages rendered in web browsers. You can use the ...
- 1,361
1 vote
2 answers
154 views
Non-repudiation of customer data
For our web application we are maintaining some data, pertaining to our subscribers, on our server. Some of this data is sensitive and we would like to implement some "security measures" ...
- 111
1 vote
2 answers
299 views
Premeditated substitution of ECDSA-signed message by the signer
If I understand correctly section 4.2 in Jacques Stern, David Pointcheval, John Malone-Lee, and Nigel P. Smart's Flaws in Applying Proof Methodologies to Signature Schemes, in proceedings of Crypto ...
- 1,297
0 votes
0 answers
35 views
Validate that CA really signed certificate [duplicate]
What is the process of validating that a ssl certificate I try to validate is really signed by CA I trust? What is the part of the certificate (The one I try to validate) is the one cant be faked? ...
1 vote
1 answer
198 views
Can a client prove to a third party that they sent a message to another client in a P2P network?
Let's say Alice sends a message to Bob in their P2P chat app asking him to complete some work. Bob is lazy, so he deletes the message off his machine, does not complete the work, and just claims that ...
- 135
1 vote
1 answer
180 views
Proving authenticity of a message from a message app in case of deletion
Say you want to prove that you received a certain message from someone. This can be difficult because many messaging apps (like facebook messenger) allow the sender to delete messages on the recipient'...
- 111
20 votes
5 answers
4k views
Why does HTTPS not support non-repudiation?
I stumbled into this recently for a specific project I had in mind. I thought HTTPS would prove that a given content actually came from the origin, by having its contents always signed before transfer....
- 311
4 votes
3 answers
966 views
Doesn't Authentication logically imply Non-repudiation? [duplicate]
If it is confirmed that Alice is the source of a message (authentication), then shouldn't she be unable to deny that the message is from her (non-repudiation)? Is there an example where ...
- 141
2 votes
1 answer
195 views
Sign a document as created with an authorized software build
I'm creating some software that essentially enforces a specific process for creating specific documents, which protects them from being challenged later. Afterwards, the file is signed with the user'...
- 2,900
2 votes
1 answer
333 views
2fa attestation object for non-repudiation
I am reading on digital signatures: A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny ...
- 123
2 votes
1 answer
3k views
Why is it recommended to use GCP service accounts vs user accounts?
I've recently started some work on Google Cloud Platform (GCP) and while developing the auth strategy for my company, I've repeatedly come across the recommendation to use service accounts for ...
- 1,361
4 votes
4 answers
3k views
Are there any reasons to add a payload signature to a REST API with mutual TLS?
We have a B2B REST API with Client Certificate authentication. Are there any reasons to add also a payload signature check to this API? I'm seeing many service providers which add a digital signature ...
- 355
6 votes
2 answers
2k views
Difference between non-repudiation and plausible deniability
I've read in some books the 'goals of information security', which includes non-repudiation. My understanding of non-repudiation is that if Alice sends a message to Bob, Bob is not only convinced ...
