About Question enthuware.ocejws.v6.2.242 :

Post by himaiMinh »

In JSR-109, why does the security requirement include non-repudiation?
If the integrity requirement is guaranteed, the sender cannot deny that he/she sent the message.
To meet the integrity requirement, we need a digital signature. Integrity and non-repudiation are the good consequences of using a digital signature.
What I am trying to say is that if the integrity requirement is satisfied, non-repudiation is guaranteed.


Re: About Question enthuware.ocejws.v6.2.242 :

Post by fjwalraven »

Hi Himai,
himaiMinh wrote: What I am trying to say is if the integrity requirement is satisfied, non-repudiation is guaranteed.
This one is subtle: yes, you would have to use a digital signature to fulfill the integrity requirement, but that alone is not enough. Proof of the origin of data is also required.

You have probably heard of the man-in-the-middle attack. In that scenario digital signing takes place, but because there is no proof of the origin of the data, it can still be tampered with. A solution to protect yourself against the man-in-the-middle attack is to use mutual authentication (with certificates and digital signatures).

Regards,
Frits
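
Added example, not part of the original posts: a signature that verifies only proves origin when the verifying key is already bound to the sender, which is the distinction drawn in the reply above. The class name, messages and key pairs are constructed for illustration; it uses only `java.security` and needs Java 16+ for the record.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class OriginDemo {
    // A message travelling with its signature and the key its sender claims to own.
    record Signed(byte[] body, byte[] sig, PublicKey claimedKey) {}

    static Signed sign(String text, KeyPair kp) throws GeneralSecurityException {
        byte[] body = text.getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body);
        return new Signed(body, s.sign(), kp.getPublic());
    }

    static boolean verify(Signed m, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(m.body());
        return s.verify(m.sig());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();
        KeyPair intermediary = gen.generateKeyPair(); // constructed: a party in the middle

        // Receiver's trust anchor: the sender's key obtained out of band,
        // e.g. from a CA-issued certificate (assumption for this example).
        PublicKey trusted = sender.getPublic();

        Signed original = sign("pay 100 to account A", sender);
        // Constructed scenario: body replaced in transit and re-signed with another key.
        Signed replaced = sign("pay 900 to account B", intermediary);

        // Integrity-only check: trusts whatever key arrived with the message.
        System.out.println("integrity only, original: " + verify(original, original.claimedKey()));
        System.out.println("integrity only, replaced: " + verify(replaced, replaced.claimedKey()));

        // Origin check: the signature must verify under the key bound to the sender.
        System.out.println("trusted key, original:    " + verify(original, trusted));
        System.out.println("trusted key, replaced:    " + verify(replaced, trusted));
    }
}
```

The replaced message passes the integrity-only check and fails only when verified against the trusted key, so non-repudiation rests on the key-to-identity binding as well as on the signature.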
