To support the principle of non-repudiation when sending emails over unsecured channels, the user's certificate should be signed by a Certificate Authority (CA). Let's break down the options provided:
A) RA (Registration Authority): A Registration Authority is responsible for verifying the identity of individuals or entities before issuing a certificate. However, RA does not sign certificates.
B) CA (Certificate Authority): A Certificate Authority is a trusted third-party organization that verifies the identity of individuals or entities and signs their certificates. The CA's digital signature on the certificate provides assurance of the certificate's authenticity and integrity. This helps in establishing non-repudiation, meaning that the sender cannot deny sending the email once it has been digitally signed by the CA.
C) CRL (Certificate Revocation List): A Certificate Revocation List is a list maintained by the CA that includes the serial numbers or other identifiers of certificates that have been revoked or are no longer valid. While CRLs are important for ensuring the validity of certificates, they are not directly related to signing the user's certificate for non-repudiation.
D) CSR (Certificate Signing Request): A Certificate Signing Request is a message sent from the applicant (user) to the CA, requesting the CA to issue a digital certificate. The CSR includes the applicant's public key and other information. The CA then signs the user's certificate based on the CSR, but the CSR itself is not the signing mechanism for non-repudiation.
In summary, to support non-repudiation when sending emails over unsecured channels, the user's certificate should be signed by a Certificate Authority (CA). The CA's digital signature on the certificate ensures the authenticity and integrity of the certificate, preventing the user from denying their involvement in sending the email.