In JSR-109, why does the security requirement include non-repudiation?
If the integrity requirement is guaranteed, the sender cannot deny that he/she sent the message.
To meet the integrity requirement, we need a digital signature. Integrity and non-repudiation are the good consequences of using a digital signature.
What I am trying to say is if the integrity requirement is satisfied, non-repudiation is guaranteed.
About Question enthuware.ocejws.v6.2.242 :
Re: About Question enthuware.ocejws.v6.2.242 :
Hi Himai,
himaiMinh wrote: What I am trying to say is if the integrity requirement is satisfied, non-repudiation is guaranteed.
This one is subtle: yes you would have to use a digital signature to fulfill the integrity requirement, but that alone is not enough. Proof of the origin of data is also required.
You have probably heard of the man-in-the-middle attack. In that scenario digital signing takes place, but because there is no proof of the origin of the data, it can still be tampered with. A solution to protect yourself against the man-in-the-middle attack is to use mutual authentication (with certificates and digital signatures).
Regards,
Frits
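The point made in the reply above, as an added example that is not part of the original thread: a signature check that uses the key shipped with the message confirms integrity only, while a check against a key the receiver already trusts for the sender (standing in here for certificate validation) also establishes origin. The class and method names, the sample payloads and both key pairs are constructed for illustration; records require Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class OriginCheckDemo {
    // A message that carries its own verification key. Without a certificate
    // that key is unauthenticated: nothing ties it to a particular sender.
    record SignedMessage(byte[] payload, byte[] signature, PublicKey signerKey) {}

    static SignedMessage sign(String text, KeyPair kp) throws GeneralSecurityException {
        byte[] payload = text.getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(payload);
        return new SignedMessage(payload, s.sign(), kp.getPublic());
    }

    // Integrity only: the payload matches the signature under *some* key.
    static boolean verifyIntegrityOnly(SignedMessage m) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(m.signerKey());
        s.update(m.payload());
        return s.verify(m.signature());
    }

    // Integrity plus origin: the key must be the one already trusted for this
    // sender (assumption: obtained out of band, e.g. from a validated certificate).
    static boolean verifyWithOrigin(SignedMessage m, PublicKey trustedSenderKey)
            throws GeneralSecurityException {
        boolean keyMatches = Arrays.equals(m.signerKey().getEncoded(),
                                           trustedSenderKey.getEncoded());
        return keyMatches && verifyIntegrityOnly(m);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();       // constructed: the real sender
        KeyPair intermediary = gen.generateKeyPair(); // constructed: a party in the middle

        SignedMessage genuine = sign("pay 10 to account A", sender);
        // What the receiver sees if the message was replaced and re-signed in transit.
        SignedMessage replaced = sign("pay 10 to account B", intermediary);

        System.out.println("integrity only, genuine:  " + verifyIntegrityOnly(genuine));
        System.out.println("integrity only, replaced: " + verifyIntegrityOnly(replaced));
        System.out.println("with origin, genuine:     " + verifyWithOrigin(genuine, sender.getPublic()));
        System.out.println("with origin, replaced:    " + verifyWithOrigin(replaced, sender.getPublic()));
    }
}
```

The integrity-only check accepts both messages because each is internally consistent with the key it carries; only the check bound to the sender's trusted key rejects the replaced one.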