Collaborate Disseminate
If it is confirmed that Alice is the source of a message (authentication), then shouldn’t she be unable to deny that the message is from her (non-repudiation)?
Is there an example where authentication happens without non-rep… Continue reading Doesn’t Authentication logically imply Non-repudiation?
I’m creating some software that essentially enforces a specific process for creating specific documents, which protects them from being challenged later.
Afterwards, the file is signed with the user’s key (USB token not rela… Continue reading Sign a document as created with an authorized software build
I am reading on digital signatures:
A valid digital signature gives a recipient reason to believe that the
message was created by a known sender (authentication), that the
sender cannot deny having sent the message (n… Continue reading 2fa attestation object for non-repudiation
IMPORTANT NOTE:
This question is quite niche, I am not sure if this stack is the most relevant place, please inform me if there is a better place for it.
To explain the question:
I am asking if, a one-time-pad encryption sy… Continue reading Can a one-time-pad provide legal immunity – (make data inadmissable) -? [migrated]
I’ve recently started some work on Google Cloud Platform (GCP) and while developing the auth strategy for my company, I’ve repeatedly come across the recommendation to use service accounts for authentication. That makes great sense for ma… Continue reading Why is it recommended to use GCP service accounts vs user accounts?
We have a B2B Rest API with Client Certificate authentication.
Are there any reasons to add also a payload signature check to this API?
I’m seeing many service providers which add a digital signature payload parameter on the… Continue reading Are there any reasons to add payload signature to a rest API with mutual TLS?
I’ve read in some books the ‘goals of information security’, which includes non-repudiation.
My understanding of non-repudiation is that if Alice sends a message to Bob, Bob is not only convinced that the message came from A… Continue reading Difference between non-repudiation and plausible deniability
Legal Engineering Attack: When a legal entity, (person or company), is compelled by law to provide or expose a vulnerability to their system to a law enforcement agency, or when that entity takes advantage of a Terms of S… Continue reading Independent Organizations that Audit Legal Engineering Vulnerability? [on hold]
Since non-repudiation is impossible to achieve purely by software
why do digital signature exists?
Let me clarify a bit (this part is from eschaefe book pg 64):
1. When B connects to website A he checks his certificate valid… Continue reading If non-repudiation is impossible why do digital signature exist
I would like to know what is the best way to implement a digital signature to achive Non-Repudation to acomplish 21-CFR-Part11-SubpartC-11.100.part-c. Anybody has implemented this for 21 CFR 11?
Non repudiation means that if… Continue reading How to implement a digital signature for 21 CFR Part 11 for non repudiation