Lie in X.BlaBla...

Greg Broiles gbroiles at
Thu May 31 11:45:34 EDT 2001

At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:

>Besides, it would be idiotic to grant access to information or authorization
>for a transaction to someone, just because he or she has presented a "public
>key certificate": authentication protocols require possession of the private
>key. Those legislators just don't know what they are talking about.

The statute didn't say "just because" or describe a technical architecture 
for an access control system - it criminalized the presentation of a 
certificate without "owning" the corresponding private key.

Matt's point about cert chains was apropos - and it's worth thinking for a 
minute about what it means to own a key, rather than simply possess a copy 
of it, as this seems to be creating a new kind of intellectual property, if 
there's such a thing as title to a keypair - but I don't think that the 
lack of specification of an authentication protocol in the statute implies 
that the legislature thinks there shouldn't be one, nor that any particular 
one should be used. I think they got this part of the statute just right. ( 
.. though I'm not sure it's time to start writing new laws for PKI)

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list