Support for Non-Repudiation
If the PKI-enabled service of non-repudiation (see Chapter 5, "PKI-Enabled Services") is to be supported in an organization, the ability to maintain multiple key pairs—and, consequently, multiple certificates—per entity is a fundamental requirement. To have true support for non-repudiation, a necessary condition is that the private key involved in the intended non-repudiable action (such as signing a receipt for proof of delivery) must never be known to another party. Otherwise, the entity involved can simply claim that the other party may have performed the non-repudiable action. Regardless of whether such a claim can be proven (or even whether such a claim is plausible), the mere fact that another party has knowledge ...
Get Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
