Lie in X.BlaBla...
Greg Broiles
gbroiles at well.com
Tue Jun 5 12:40:59 EDT 2001

At 10:51 AM 6/4/2001 +0800, Enzo Michelangeli wrote:
>[...]
>OK, so excuse me for being dense, but how exactly can such an attack be
>perpetrated? No sane authorization system bases authentication on the mere
>presentation of the certificate: one must have the corresponding private
>key.

Laws are not generally written to require "sane" configurations on the part
of victims in order to achieve a successful prosecution. In particular,
laws may be especially useful or helpful where potential victims are unable
to or unlikely to provide their own effective security. If they could
provide that security, the law would be unnecessary, or at least
uninteresting and redundant. It's where people can't provide for their own
security with "sane" systems or configurations that law is needed.

Lest you think that's just philosophical/academic noodling, don't forget
that Microsoft is based in Washington, and that Microsoft has historically
had a difficult time with secure design, secure implementations, and secure
operations. Further, Microsoft has already built (and experienced
embarrassment and insecurity) regarding the operation of a PKI-based
code-signing hierarchy, and is going deeper, farther down that road with
Win2K and XP and all of the rest. It's my understanding that every app in
an XP system must be signed by a key that's been certified by Microsoft as
a code-signing key, though I don't think I'm particularly up to date on the
specifics of that security model. Also, remember that Microsoft's .NET and
Hailstorm initiatives also depend on the security of an operating CA/PKI
subsystem, and that they'll likely be hosted (at least in part) in Washington.

If your argument is "nobody will ever build an insecure system, be tricked
into issuing a bad cert, and then want a big stick to use to go after the
person who got the cert", you should meditate on the Microsoft situation
for a while. I don't have specific knowledge of Microsoft involvement in the
drafting and passage process for this statute, but I'd be wildly surprised
if they weren't involved at some level, simply because of their dominant
position vis-a-vis the WA economy and their position of respect on
technical matters among less technical people. If they didn't have some
in-house PKI smartypants talk to the drafters of this bill, at least
informally, I'd say Microsoft isn't doing right by its shareholders.

>So, does this section of the law intend to punish misappropriation of
>private key? Fine, but then it could just say so, better if stating in
>general terms: "Using stolen or otherwise unlawfully obtained information to
>gain unauthorized access to information or engage in an unauthorized
>transaction". This would also cover other cases (is it perhaps OK to tamper
>maliciously with Kerberos tickets or to steal a login password?) also
>including non-electronic forms of identity theft.

I must admit I'm at a loss. A few days ago you were up in arms because this
statute was too broadly drafted, such that it was going to sweep up many
unsuspecting non-guilty people - now you're saying that you think it should
have been written even more broadly, so that it reaches even non-electronic
identity theft. Are you just generally opposed to the idea of the statute,
and now fishing for a plausible argument to justify your initial opposition?

I still think the statute is a pretty reasonable attempt at prohibiting PKI
fraud which is unlikely to pose a great danger to people who behave in a
normal fashion (e.g., doing things that would be legal in a sane environment).

>Talking of which, theft and fraud are ALREADY offences, regardless
>of the context, and I see no point in creating additional statute.

I agree with you about this - even applied to this statute - but
legislators think they've been elected to Do Something, and they do.
--
Greg Broiles
gbroiles at well.com
"Organized crime is the price we pay for organization." -- Raymond Chandler
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com