Security Basics mailing list archives
Proving non-repudiation in e-Commerce App
From: Joe <bitshield () gmail com>
Date: Thu, 1 Jun 2006 20:32:16 +0200
Dear List-Members,

I'm currently dealing with a review of an e-Commerce Application. One goal is to prove that this application properly implements a non-repudiation mechanism throughout the whole process-flow. This flow starts at the user authentication, communication over the web to the server component, then processing of the client requests and finally logging.

The non-repudiation has similarities with e-Banking, which points me to the following keywords: digital signature, signed logging and time stamp protocols. Using Google I also found various sources discussing most of those points individually. However, I'm looking for a more general, broad and complete approach.

Do you guys have interesting sources and experiences about verifying non-repudiation? Are there standards, defined processes, work-flows, and implementation- or audit guidelines?

Thanks for your feedback,
Joe