Internet X.509 Public Key Infrastructure Technical Requirements for a non-Repudiation Service

Document Type Expired Internet-Draft (individual)
Author Thomas Gindin 
Last updated 1999-08-30
Stream (None)
Intended RFC status (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes the features that a service which processes signed documents must have in order to constitute a 'technical non-repudiation' service. A technical non-repudiation service must permit an independent verifier to determine, at a time later than the signature, whether a given signature was applied to a given data object by the private key associated with a given valid certificate. The features of a technical non-repudiation service are expected to be necessary for a full non-repudiation service, although they may not be sufficient. This document is intended to clarify the definition of the 'non-repudiation' service in RFC 2459. It should thus serve as a guide to when the nonRepudiation bit of the keyUsage extension should be used and to when a Certificate Authority is required to archive CRLs.


Thomas Gindin (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)