Signature Program Question:

The specification does not speak of non-repudation for the following reason. An XML Signature associates a specific key with a specific message such that it is computational infeasible for anyone without the key to alter either the message or the signature without the signature under that key being broken. Consequently, the specification speaks of signer authentication. Note that the use of assymetric keys does provide for technical non-repudation because only one person need have access to the key. However, when symmetric key algorithms (like HMAC) are used both the sender and receiver have access to the key. Furthermore, non-repudation is frequently defined in the context of the trust model and concerns itself with the trustworthiness of key distribution and revocation. Consequently, we avoid the term non-repudiation.