Lie in X.BlaBla...
Greg Broiles
gbroiles at well.com
Fri Jun 1 12:43:50 EDT 2001
At 09:58 AM 6/1/2001 +0800, Enzo Michelangeli wrote:
> > At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
> >
> > >Besides, it would be idiotic to grant access to information or authorization
> > >for a transaction to someone, just because he or she has presented a "public
> > >key certificate": authentication protocols require possession of the private
> > >key. Those legislators just don't know what they are talking about.
> > >Scary.
> >
> > The statute didn't say "just because" or describe a technical architecture
> > for an access control system - it criminalized the presentation of a
> > certificate without "owning" the corresponding private key.
>
>Uhm... So, which devious use of someone else's certificate were those guys
>trying to address? Also a bona fide certificate server could fall afoul of
>such law.
They were trying to address any fraudulent (not "devious") use of a
certificate to gain access or information, without regard to the technical
details.

No server will ever fall afoul of the law, because servers aren't subject
to criminal liability. A person or an organization might fall afoul of the
law if they use a certificate server in a fraudulent way. It is impossible
to violate the WA law accidentally, because a conviction under the law
requires that the convicted person act with the required mental state (the
part that says "shall not KNOWINGLY", emphasis added). It is possible for a
person to be careless with respect to what's been forbidden by the
legislature, or cavalier with respect to what they believe is achievable by
prosecutors, but that's not the same thing.
>In my experience, misguided laypeople build their attitude towards
>handling of certificates on the assumption that "a certificate is like a
>digital ID card". This sounds like one of those cases.
Have you considered that you might be making the same misguided assumptions
about the law?
--
Greg Broiles
gbroiles at well.com
"Organized crime is the price we pay for organization." -- Raymond Chandler
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com