Lie in X.BlaBla...

Greg Broiles gbroiles at
Fri Jun 1 12:43:50 EDT 2001

At 09:58 AM 6/1/2001 +0800, Enzo Michelangeli wrote:
> > At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
> >
> > >Besides, it would be idiotic to grant access to information or
> > >for a transaction to someone, just because he or she has presented a
> > >key certificate": authentication protocols require possession of the
> > >key. Those legislators just don't know what they are talking about.
> > >Scary.
> >
> > The statute didn't say "just because" or describe a technical architecture
> > for an access control system - it criminalized the presentation of a
> > certificate without "owning" the corresponding private key.
>Uhm... So, which devious use of someone else's certificate were those guys
>trying to address? Also a bona fide certificate server could fall afoul of
>such law.

They were trying to address any fraudulent (not "devious") use of a 
certificate to gain access or information, without regard to the technical 

No server will ever fall afoul of the law, because servers aren't subject 
to criminal liability. A person or an organization might fall afoul of the 
law if they use a certificate server in a fraudulent way. It is impossible 
to violate the WA law accidentally, because a conviction under the law 
requires that the convicted person act with the required mental state (the 
part that says "shall not KNOWINGLY", emphasis added). It is possible for a 
person to be careless with respect to what's been forbidden by the 
legislature, or cavalier with respect to what they believe is achievable by 
prosecutors, but that's not the same thing.

>In my experience, misguided laypeople build their attitude towards
>handling of certificates on the assumption that "a certificate is like a
>digital ID card". This sounds like one of those cases.

Have you considered that you might be making the same misguided assumptions 
about the law?

Greg Broiles
gbroiles at
"Organized crime is the price we pay for organization." -- Raymond Chandler

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list