Lie in X.BlaBla...

Greg Broiles gbroiles at well.com
Tue Jun 5 12:40:59 EDT 2001


At 10:51 AM 6/4/2001 +0800, Enzo Michelangeli wrote:
>[...]
>OK, so excuse me for being dense, but how exactly can such an attack be
>perpetrated? No sane authorization system bases authentication on the mere
>presentation of the certificate: one must have the corresponding private
>key.

Laws are not generally written to require "sane" configurations on the part 
of victims in order to achieve a successful prosecution. In particular, 
laws may be especially useful or helpful where potential victims are unable 
to or unlikely to provide their own effective security. If they could 
provide that security, the law would be unnecessary, or at least 
uninteresting and redundant. It's where people can't provide for their own 
security with "sane" systems or configurations that law is needed.

Lest you think that's just philosophical/academic noodling, don't forget 
that Microsoft is based in Washington, and that Microsoft has historically 
had a difficult time with secure design, secure implementations, and secure 
operations. Further, Microsoft has already built (and experienced 
embarrassment and insecurity) regarding the operation of a PKI-based 
code-signing hierarchy, and is going deeper, farther down that road with 
Win2K and XP and all of the rest. It's my understanding that every app in 
an XP system must be signed by a key that's been certified by Microsoft as 
a code-signing key, though I don't think I'm particularly up to date on the 
specifics of that security model. Also, remember that Microsoft's .NET and 
Hailstorm initiatives also depend on the security of an operating CA/PKI 
subsystem, and that they'll likely be hosted (at least in part) in Washington.

If your argument is "nobody will ever build an insecure system, be tricked 
into issuing a bad cert, and then want a big stick to use to go after the 
person who got the cert", you should meditate on the Microsoft situation 
for a while. I don't have specific knowledge of Microsoft involvement in the 
drafting and passage process for this statute, but I'd be wildly surprised 
if they weren't involved at some level, simply because of their dominant 
position vis-a-vis the WA economy and their position of respect on 
technical matters among less technical people. If they didn't have some 
in-house PKI smartypants talk to the drafters of this bill, at least 
informally, I'd say Microsoft isn't doing right by its shareholders.

>So, does this section of the law intend to punish misappropriation of
>a private key? Fine, but then it could just say so, better if stating in
>general terms: "Using stolen or otherwise unlawfully obtained information to
>gain unauthorized access to information or engage in an unauthorized
>transaction". This would also cover other cases (is it perhaps OK to tamper
>maliciously with Kerberos tickets or to steal a login password?) also
>including non-electronic forms of identity theft.

I must admit I'm at a loss. A few days ago you were up in arms because this 
statute was too broadly drafted, such that it was going to sweep up many 
unsuspecting non-guilty people - now you're saying that you think it should 
have been written even more broadly, so that it reaches even non-electronic 
identity theft. Are you just generally opposed to the idea of the statute, 
and now fishing for a plausible argument to justify your initial opposition?

I still think the statute is a pretty reasonable attempt at prohibiting PKI 
fraud which is unlikely to pose a great danger to people who behave in a 
normal fashion (e.g., doing things that would be legal in a sane environment).

>Talking of which, theft and fraud are ALREADY offences, regardless
>of the context, and I see no point in creating an additional statute.

I agree with you about this - even applied to this statute - but 
legislators think they've been elected to Do Something, and they do.


--
Greg Broiles
gbroiles at well.com
"Organized crime is the price we pay for organization." -- Raymond Chandler




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



