Lie in X.BlaBla...
Greg Broiles
gbroiles at well.com
Thu May 31 11:45:34 EDT 2001
At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
>Besides, it would be idiotic to grant access to information or authorization
>for a transaction to someone, just because he or she has presented a "public
>key certificate": authentication protocols require possession of the private
>key. Those legislators just don't know what they are talking about.
>Scary.
The statute didn't say "just because" or describe a technical architecture
for an access control system - it criminalized the presentation of a
certificate without "owning" the corresponding private key.
Matt's point about cert chains was apropos - and it's worth thinking for a
minute about what it means to own a key, rather than simply possess a copy
of it, as this seems to be creating a new kind of intellectual property, if
there's such a thing as title to a keypair - but I don't think that the
lack of specification of an authentication protocol in the statute implies
that the legislature thinks there shouldn't be one, nor that any particular
one should be used. I think they got this part of the statute just right. (
.. though I'm not sure it's time to start writing new laws for PKI)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list