[8768] in cryptography@c2.net mail archive
Re: Lie in X.BlaBla...
daemon@ATHENA.MIT.EDU (Greg Broiles)
Thu May 31 11:59:55 2001
Message-Id: <5.1.0.14.2.20010531083944.0318d8d0@mail.wwc.com>
Date: Thu, 31 May 2001 08:45:34 -0700
To: "Enzo Michelangeli" <em@em.no-ip.com>,
"R. A. Hettinga" <rah@shipwright.com>,
"Matt Crawford" <crawdad@fnal.gov>
From: Greg Broiles <gbroiles@well.com>
Cc: <cryptography@wasabisystems.com>
In-Reply-To: <02b901c0e95f$5d3fc880$0200000a@emnb>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
>Besides, it would be idiotic to grant access to information or authorization
>for a transaction to someone, just because he or she has presented a "public
>key certificate": authentication protocols require possession of the private
>key. Those legislators just don't know what they are talking about.
>Scary.

The statute didn't say "just because" or describe a technical architecture
for an access control system - it criminalized the presentation of a
certificate without "owning" the corresponding private key.

Matt's point about cert chains was apropos - and it's worth thinking for a
minute about what it means to own a key, rather than simply possess a copy
of it, as this seems to be creating a new kind of intellectual property, if
there's such a thing as title to a keypair - but I don't think that the
lack of specification of an authentication protocol in the statute implies
that the legislature thinks there shouldn't be one, nor that any particular
one should be used. I think they got this part of the statute just right.
(... though I'm not sure it's time to start writing new laws for PKI)