[28464] in North American Network Operators' Group
Re: How long before NIPC decides we need one of these?
daemon@ATHENA.MIT.EDU (Chris Adams)
Mon May 1 02:09:38 2000
From: Chris Adams <chris@digitaria.com>
In-Reply-To: <390D1D6B.40AB44CE@ais.net>
Message-ID: <0003668878a79ff0_mailit@mail.elcjn1.sdca.home.com>
Date: Sun, 30 Apr 2000 23:07:35 -0700
To: gfresen@ais.net
Cc: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Errors-To: owner-nanog-outgoing@merit.edu
On 04/30/00 11:00:12 PM gfresen@ais.net wrote:
>No, it's worse than that. With your private key in their hands, they can
>write
>messages, put on appropriate dates and sign them ... then say that you wrote
>them. (depending upon the technology that is used)
Yes. Couple that with treating key confiscation as a minor thing and I'd be
surprised if someone's key didn't end up accidentally being sent to a well-
connected competitor.
One possible line of defense other than complete civil disobediance might be
providing only the session key(s) used for encrypted documents instead of the
key-pair. It'd be interesting to see if the courts accept this.
