[8779] in cryptography@c2.net mail archive
Re: Lie in X.BlaBla...
daemon@ATHENA.MIT.EDU (Eric Murray)
Sun Jun 3 12:20:09 2001
Date: Fri, 1 Jun 2001 14:53:29 -0700
From: Eric Murray <ericm@lne.com>
To: Greg Broiles <gbroiles@well.com>
Cc: Enzo Michelangeli <em@em.no-ip.com>,
cryptography@wasabisystems.com
Message-ID: <20010601145329.A4598@slack.lne.com>
In-Reply-To: <5.1.0.14.2.20010601092556.02e60cf0@pop.well.com>; from gbroiles@well.com on Fri, Jun 01, 2001 at 09:43:50AM -0700
On Fri, Jun 01, 2001 at 09:43:50AM -0700, Greg Broiles wrote:
> At 09:58 AM 6/1/2001 +0800, Enzo Michelangeli wrote:
> > > At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
> > >
> > > >Besides, it would be idiotic to grant access to information or authorization
> > > >for a transaction to someone, just because he or she has presented a "public
> > > >key certificate": authentication protocols require possession of the private
> > > >key. Those legislators just don't know what they are talking about.
> > > >Scary.
> > >
> > > The statute didn't say "just because" or describe a technical architecture
> > > for an access control system - it criminalized the presentation of a
> > > certificate without "owning" the corresponding private key.
> >
> >Uhm... So, which devious use of someone else's certificate were those guys
> >trying to address? Also a bona fide certificate server could fall afoul of
> >such law.
>
> They were trying to address any fraudulent (not "devious") use of a
> certificate to gain access or information, without regard to the technical
> details.

I'm not a lawyer but I read it the way Greg does.
Intent is required, so simply sending a cert that's part of a chain
and which you don't hold the corresponding private key for, or
acting as a directory, isn't illegal.

But I'd bet that some enterprising DA, given a case where someone
sends four certs in a chain and got the EE cert by fraudulent means, will
charge them with four counts of violating this law.

Eric