Lie in X.BlaBla...

Enzo Michelangeli em at
Thu May 31 21:58:51 EDT 2001

----- Original Message -----
From: "Greg Broiles" <gbroiles at>
To: "Enzo Michelangeli" <em at>; "R. A. Hettinga"
<rah at>; "Matt Crawford" <crawdad at>
Cc: <cryptography at>
Sent: Thursday, May 31, 2001 11:45 PM
Subject: Re: Lie in X.BlaBla...

> At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
> >Besides, it would be idiotic to grant access to information or
> >for a transaction to someone, just because he or she has presented a
> >key certificate": authentication protocols require possession of the
> >key. Those legislators just don't know what they are talking about.
> >Scary.
> The statute didn't say "just because" or describe a technical architecture
> for an access control system - it criminalized the presentation of a
> certificate without "owning" the corresponding private key.

Uhm... So, which devious use of someone else's certificate were those guys
trying to address? Also a bona fide certificate server could fall afoul of
such law. In my experience, misguided laypeople build their attitude towards
handling of certificates on the assumption that "a certificate is like a
digital ID card". This sounds like one of those cases.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list