[8774] in cryptography@c2.net mail archive
Re: Lie in X.BlaBla...
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Thu May 31 22:38:20 2001
Message-ID: <003d01c0ea3e$86cda570$011010ac@ima.com>
Reply-To: "Enzo Michelangeli" <em@em.no-ip.com>
From: "Enzo Michelangeli" <em@who.net>
To: "R. A. Hettinga" <rah@shipwright.com>,
"Matt Crawford" <crawdad@fnal.gov>,
"Greg Broiles" <gbroiles@well.com>
Cc: <cryptography@wasabisystems.com>
Date: Fri, 1 Jun 2001 09:58:51 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
----- Original Message -----
From: "Greg Broiles" <gbroiles@well.com>
To: "Enzo Michelangeli" <em@em.no-ip.com>; "R. A. Hettinga"
<rah@shipwright.com>; "Matt Crawford" <crawdad@fnal.gov>
Cc: <cryptography@wasabisystems.com>
Sent: Thursday, May 31, 2001 11:45 PM
Subject: Re: Lie in X.BlaBla...
> At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
>
> >Besides, it would be idiotic to grant access to information or
authorization
> >for a transaction to someone, just because he or she has presented a
"public
> >key certificate": authentication protocols require possession of the
private
> >key. Those legislators just don't know what they are talking about.
> >Scary.
>
> The statute didn't say "just because" or describe a technical architecture
> for an access control system - it criminalized the presentation of a
> certificate without "owning" the corresponding private key.
Uhm... So, which devious use of someone else's certificate were those guys
trying to address? Also a bona fide certificate server could fall afoul of
such law. In my experience, misguided laypeople build their attitude towards
handling of certificates on the assumption that "a certificate is like a
digital ID card". This sounds like one of those cases.
Enzo
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
