[144059] in cryptography@c2.net mail archive
RE: Property RIghts in Keys
daemon@ATHENA.MIT.EDU (Weger, B.M.M. de)
Fri Feb 13 16:45:32 2009
From: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Date: Thu, 12 Feb 2009 22:01:15 +0100
In-Reply-To: <20090212194008.GB16314@randombit.net>
Hi all,
> Say I have discovered a marvelous method of easily factoring=20
> RSA keys, which unfortunately the margin of this emacs buffer=20
> is too small to contain, and I then go out, factor GeoTrust's=20
> CA key and issue a new certificate.
>=20
> Questions:
>=20
> Am I now infringing on GeoTrust's IP rights? Or have, rather,=20
> I made myself a co-owner in said rights on this particular key?
>=20
> Have I broken any law? If not, should what I have done be illegal?
Here's a variant that I find interesting ;-). It's not about the=20
public key but about the signature, another cryptograhic field
in a certificate that shares many properties with keys.
Say somebody has discovered a marvelous method of finding collisions
for a hash function. Then he creates two certificates, of which the
to-be-signed parts form a hash collision. Then he lets a CA sign=20
one of them, and copies the signature into the other one, making
that a certificate that is indistinguishable from a valid one
issued by the CA. Has he broken any copyright law?
I admit this is a purely hypothetical case. Or... maybe it isn't?
Grtz,
Benne de Weger=
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
