Non-repudiation protocols aim at preventing parties in a communication from falsely denying having taken part in that communication; for example, a non-repudiation protocol for digital certified mail should ensure that neither the sender can deny sending the message, nor the receiver can deny receiving it. We identify some guidelines for non-repudiation protocols. The guidelines are derived by examining a series of non-repudiation protocols that descend from a single ancestor.

Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General--security and protection (e.g., firewalls); K.4.4 [Computers and Society]: Electronic Commerce--security; K.5.m [Legal Aspects of Computing]: Miscellaneous; K.6.5 [Management of Computing and Information Systems]: Security and Protection

General Terms: Legal Aspects, Security, Verification

Keywords: Non-repudiation, Fair Exchange, Formal Verification