About Question enthuware.ocejws.v6.2.242 :

Posted: Wed Apr 09, 2014 7:58 pm
by himaiMinh
In JSR-109, why does the security requirement include non-repudiation?
If the integrity requirement is guaranteed, the sender cannot deny that he/she sent the message.
To meet the integrity requirement, we need a digital signature. Integrity and non-repudiation are the good consequences of using a digital signature.
What I am trying to say is that if the integrity requirement is satisfied, non-repudiation is guaranteed.

Re: About Question enthuware.ocejws.v6.2.242 :

Posted: Thu Apr 10, 2014 2:21 pm
by fjwalraven
Hi Himai,
himaiMinh wrote: What I am trying to say is that if the integrity requirement is satisfied, non-repudiation is guaranteed.
This one is subtle: yes, you would have to use a digital signature to fulfill the integrity requirement, but that alone is not enough. Proof of the origin of the data is also required.

You have probably heard of the man-in-the-middle attack: in that scenario digital signing takes place, but because there is no proof of the origin of the data, it can still be tampered with. A solution to protect yourself against the man-in-the-middle attack is to use mutual authentication (with certificates and digital signatures).

Regards,
Frits
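The distinction Frits draws above, shown as an added Go example that is not part of this thread or of JSR-109: a signature checked only against the key that travels with the message proves integrity relative to that key, while non-repudiation also needs the key bound to the claimed sender (a certificate in practice; here a hypothetical in-memory trust store, with Ed25519 standing in for the signature scheme and constructed sample messages).

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// SignedMessage: payload, signature and the public key the sender claims to have signed with (stand-in for a certificate).
type SignedMessage struct {
	Sender  string
	Payload []byte
	Sig     []byte
	PubKey  ed25519.PublicKey
}

func Sign(sender string, priv ed25519.PrivateKey, payload []byte) SignedMessage {
	return SignedMessage{sender, payload, ed25519.Sign(priv, payload), priv.Public().(ed25519.PublicKey)}
}

// IntegrityOnly verifies the signature with whatever key travels in the message.
func IntegrityOnly(m SignedMessage) bool { return ed25519.Verify(m.PubKey, m.Payload, m.Sig) }

// WithOrigin additionally requires that key to be the one trusted for the claimed
// sender: proof of origin on top of integrity.
func WithOrigin(m SignedMessage, trusted map[string]ed25519.PublicKey) bool {
	want, ok := trusted[m.Sender]
	return ok && want.Equal(m.PubKey) && ed25519.Verify(want, m.Payload, m.Sig)
}

type Verdicts struct{ HonestIntegrity, HonestOrigin, TamperedIntegrity, TamperedOrigin bool }

// Scenario: Alice signs a message; a man in the middle rewrites the payload and
// re-signs it with his own key while still claiming to be Alice (constructed data).
func Scenario() (Verdicts, error) {
	alicePub, alicePriv, err1 := ed25519.GenerateKey(nil) // nil: crypto/rand is used
	_, mitmPriv, err2 := ed25519.GenerateKey(nil)
	if err1 != nil || err2 != nil {
		return Verdicts{}, fmt.Errorf("key generation failed: %v %v", err1, err2)
	}
	trusted := map[string]ed25519.PublicKey{"alice": alicePub} // hypothetical trust store
	honest := Sign("alice", alicePriv, []byte("transfer 10 EUR to bob"))
	tampered := Sign("alice", mitmPriv, []byte("transfer 10000 EUR to mallory"))
	return Verdicts{IntegrityOnly(honest), WithOrigin(honest, trusted),
		IntegrityOnly(tampered), WithOrigin(tampered, trusted)}, nil
}

func main() {
	v, err := Scenario()
	fmt.Printf("%+v err=%v\n", v, err)
}
```

The rewritten message passes the integrity-only check (the attacker's own signature is valid for the attacker's own key) and fails only once the verifier insists on the key that is trusted for "alice".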