Non-repudiation services provide unforgeable evidence that a specific action occurred. The MHS provides the following non-repudiation services: non-repudiation of origin, non-repudiation of submission, and non-repudiation of delivery. Non-repudiation of origin protects against any attempt by a message originator to deny sending a message. Non-repudiation of submission protects against any attempt by an MTA to deny that a message was submitted for delivery. Non-repudiation of delivery protects against any attempt by a message recipient to deny receiving a message.
The non-repudiation services are similar to their weaker proof counterparts (i.e., proof of submission, proof of delivery, and message origin authentication); however, non-repudiation provides stronger protection, because the proof can be demonstrated to a third party. Digital signatures are used to provide non-repudiation. For example, if a recipient returns proof of delivery by signing a report, non-repudiation of delivery is also provided. Since only the recipient's private key could have generated the signature, the signature provides unforgeable evidence of message delivery. Symmetric encryption cannot guarantee non-repudiation. Since both the originator and recipient share the symmetric encryption key, either party can generate the proof.
The exact mechanisms used to provide non-repudiation of origin, non-repudiation of submission, and non-repudiation of delivery are described in Section 11.6.3. Non-repudiation services may also be provided by a third party notary; however, third party notaries are outside the scope of the X.400 Recommendations.