• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how to handle non-repudiation if Client Authentication is not used

 
suekar meredilko
Ranch Hand
Posts: 153
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Folks,
a simple question, assume I have an https based website which accepts credit cards for purchasing books, now assuming I dont have client side authentication enabled, how can I handle non-repudiation


Pls. explain.

thanks
[ May 22, 2006: Message edited by: suekar meredilko ]
 
suekar meredilko
Ranch Hand
Posts: 153
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
anyone???
 
Thomas Taeger
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by suekar meredilko:
assume I have an https based website which accepts credit cards for purchasing books, now assuming I dont have client side authentication enabled, how can I handle non-repudiation

By re-inventing client side authentication based on a secret? ...
- that is common to both parties
- and in that your server trusts? You need to find a reason to trust ...

Non-repudation is based on any kind of client-side authentication AND digital signature tied to the [electronic] order, or by showing a passport AND signing on the order-paper, ... .

If I got it right the only half-reasonably believable information about your clients is the credit card number. You may decide yourself or ask a lawer if the knowledge of a credit card number (of a maybe stolen credit card ...) is reason enough to trust - least of all for a justice, in possibly international business ... . I could not call it a technical problem.

Just some thoughts ...
[ May 27, 2006: Message edited by: Thomas Taeger ]
 
suekar meredilko
Ranch Hand
Posts: 153
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok. Thanks. If I understood you rightly you meant, we need to invent it somehow.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic